| IndyWatch Science and Technology News Feed Archiver | |
 |
Go Back:30 Days | 7 Days | 2 Days | 1 Day |
|
IndyWatch Science and Technology News Feed was generated at World News IndyWatch. |
|
Thursday, 13 April
01:14
Reality is a Paradox Not Even Wrong
Lex Fridmans latest podcast features a nearly four hour long conversation with Edward Frenkel, under the title Reality is a Paradox Mathematics, Physics, Truth & Love. Normally Im fairly allergic to hearing mathematicians or physicists publicly sharing their wisdom about the larger human experience (since they tend to have less of it than the average person), and Im pretty sure Ive never before listened to a podcast/interview longer than an hour or so. But in this case I listened to and enjoyed the entire thing. Besides sharing Frenkels deep interests in the relation of representation theory and quantum mechanics, and views on the unity of mathematics (and physics), I envy his positive and thoughtful outlook on life and his openness to a range of human experience. The interview left me with a lot to think about and I recommend it highly.
01:08
US, India and China Most Targeted in DDoS Attacks, StormWall Q1 2023 Report HackRead | Latest Cybersecurity and Hacking News Site
By Waqas
DDoS attacks have surged by 47% in Q1 2023, according to a StormWall report.
This is a post from HackRead.com Read the original post: US, India and China Most Targeted in DDoS Attacks, StormWall Q1 2023 Report
00:59
Zigbee PRO 2023 introduces new security mechanisms, feature enhancements Help Net Security
The Connectivity Standards Alliance released Zigbee PRO 2023 of the Zigbee protocol stack. The revision brings several enhancements and new features to the technology, allowing mesh networks to have a universal language that enables smart objects to work together. Whats new? Zigbee PRO 2023 expands on secure-by-design architecture by adding a number of security enhancements to address changing market needs while simplifying the user experience and extending supported bands beyond 2.4 GHz. The revision also More
The post Zigbee PRO 2023 introduces new security mechanisms, feature enhancements appeared first on Help Net Security.
00:50
Distribution Release: TrueNAS 22.12.2 "SCALE" DistroWatch.com: News
TrueNAS SCALE is a Debian-based operating system developed by iXsystems for providing network attached storage solutions. The includes some enhancements to administration and authentication. The release notes state: "22.12.2 includes many new features and improved functionality that span....
00:30
NVIDIA RTX-Remix 0.1 Released For Adding Path Tracing To Classic Games Phoronix
In addition to releasing the GeForce RTX 4070 graphics card today (unfortunately, no launch day Linux review, still waiting on hardware...), NVIDIA has released as open-source the RTX Remix software for helping to add path tracing support to classic games...
00:25
Plenty of juice-jacking scare stories, but precious little juice-jacking Graham Cluley
Travellers are being told to be wary when plugging their smartphones and laptops into USB chargers. But has anyone ever actually been juice-jacked in the real world?
00:00
Signed Distance Functions: Modeling in Math Hackaday
What if instead of defining a mesh as a series of vertices and edges in a 3D space, you could describe it as a single function? The easiest function would return the signed distance to the closest point (negative meaning you were inside the object). Thats precisely what a signed distance function (SDF) is. A signed distance field (also SDF) is just a voxel grid where the SDF is sampled at each point on the grid. First, well discuss SDFs in 2D and then jump to 3D.
SDFs in 2D
A signed distance function in 2D is more straightforward to reason about so well cover it first. Additionally, it is helpful for font rendering in specific scenarios. [Vassilis] of [Render Diagrams] has a beautiful demo on two-dimensional SDFs that covers the basics. The naive technique for rendering is to create a grid and calculate the distance at each point in the grid. If the distance is greater than the size of the grid cell, the pixel i...
Wednesday, 12 April
23:53
Arm Opens Up To Using Intel's 18A Process For Leading-Edge SoCs Phoronix
Intel Foundry Services (IFS) has racked up a big win today with Arm over enabling chip designers to make use of Intel's upcoming 18A process for low-power Arm SoCs...
23:53
Links 12/04/2023: Youtube-dl Hosting Ban Paves the Way to Privatised Censorship Techrights
Contents
- GNU/Linux
- Distributions and Operating Systems
- Free, Libre, and Open Source Software
- Leftovers
- Gemini* and Gopher
-
GNU/Linux
-
Instructionals/Technical
-
RIPE SAV: Why Is Source Address Validation Still a Problem?
Network operators can implement filtering anywhere within their network. However, best current practices (BCPs) recommend they perform it close to the...
-
-
23:38
Android App Trojans Sold on Dark Web for $25-$20,000 HackRead | Latest Cybersecurity and Hacking News Site
By Deeba Ahmed
A Kaspersky study reveals security threats to the Google Play app store and how they have been exposing Android users to malware threats.
This is a post from HackRead.com Read the original post: Android App Trojans Sold on Dark Web for $25-$20,000
23:31
Security updates for Wednesday LWN.net
Security updates have been issued by Fedora (chromium, ghostscript, glusterfs, netatalk, php-Smarty, and skopeo), Mageia (ghostscript, imgagmagick, ipmitool, openssl, sudo, thunderbird, tigervnc/x11-server, and vim), Oracle (curl, haproxy, and postgresql), Red Hat (curl, haproxy, httpd:2.4, kernel, kernel-rt, kpatch-patch, and postgresql), Slackware (mozilla), SUSE (firefox), and Ubuntu (dotnet6, dotnet7, firefox, json-smart, linux-gcp, linux-intel-iotg, and sudo).
23:26
New AI scientist combines theory and data to discover scientific equations Lifeboat News: The Blog
In 1918, the American chemist Irving Langmuir published a paper examining the behavior of gas molecules sticking to a solid surface. Guided by the results of careful experiments, as well as his theory that solids offer discrete sites for the gas molecules to fill, he worked out a series of equations that describe how much gas will stick, given the pressure.
Now, about a hundred years later, an AI scientist developed by researchers at IBM Research, Samsung AI, and the University of Maryland, Baltimore County (UMBC) has reproduced a key part of Langmuirs Nobel Prize-winning work. The system artificial intelligence (AI) functioning as a scientistalso rediscovered Keplers third law of planetary motion, which can calculate the time it takes one space object to orbit another given the distance separating them, and produced a good approximation of Einsteins relativistic time-dilation law, which shows that time slows down for fast-moving objects.
A paper describing the results is published in Nature Communications on April 12.
23:25
(Extra) Quantum Computing Explained and Overview Lifeboat News: The Blog
Playlist:
https://www.youtube.com/playlist?list=PLnK6MrIqGXsJfcBdppW3CKJ858zR8P4eP
Download PowerPoint: https://github.com/hywong2/Intro_to_Quantum_Computing.
Book (Free with institution subscription): https://link.springer.com/book/10.1007/978-3-030-98339-0
Book:
https://www.amazon.com/Introduction-Quantum-Computing-Layperatfound-20
Can quantum computing replace classical computing? State, Superposition, Measurement, Entanglement, Qubit Implementation, No-cloning Theorem, Error Correction, Caveats.
23:25
Its Already Too Late Elon Musk on LATEST AI Lifeboat News: The Blog
Elon Musk has been warning of the dangers of artificial intelligence for as long he can remember and now, it looks like his worst fears might be coming true
23:22
Rapid alternating polarity brings new life to 189-year-old electrochemical reaction Lifeboat News: The Blog
Nearly 200 years since its discovery, industry rarely uses the carboncarbon bond-forming Kolbe reaction but now US researchers have shown it can sustainably make valuable substances.
Phil Barans team at Scripps Research Institute in La Jolla has done away with high voltages and platinum electrodes best established in the Kolbe reaction. In doing so, the researchers have made it much more versatile. The most important feature is the ability to take waste or similarly priced products convert them into extremely high value materials, Baran tells Chemistry World.
23:17
What Flight 50 Means for the Ingenuity Mars Helicopter SoylentNews
What Flight 50 Means for the Ingenuity Mars Helicopter:
JPL's Ingenuity helicopter is preparing for the 50th flight of its 5-flight mission to Mars. Flight 49, which took place last weekend, was its fastest and highest yetthe little helicopter flew 282 meters at an altitude of 16 meters, reaching a top speed of 6.50 meters per second. Not a bad performance for a tech demo that was supposed to be terminated two years ago.
From here, things are only going to get more difficult for Ingenuity. As the Perseverance rover continues its climb up Jezero crater's ancient river delta, Ingenuity is trying its best to scout ahead. But, the winding hills and valleys make it difficult for the helicopter to communicate with the rover, and through the rover, to its team back on Earth. And there isn't a lot of time or room to spare, because Ingenuity isn't allowed to fly too close to Perseverance, meaning that if the rover ever catches up to the helicopter, the helicopter may have to be left behind for the rover's own safety. This high-stakes race between the helicopter scout and the science rover will continue for kilometers.
For the Ingenuity team, this new mode of operation was both a challenge and an opportunity. This was nothing new for folks who have managed to keep this 30-day technology demo alive and healthy and productive for years, all from a couple hundred million kilometers away. IEEE Spectrum spoke with Ingenuity Team Lead Teddy Tzanetos at JPL last week about whether flying on Mars is ever routine, how they upgraded Ingenuity for its extended mission, and what the helicopter's success means for the future of airborne exploration and science on Mars.
Read more of this story at SoylentNews.
23:01
Monitor and troubleshoot applications with Glances and InfluxDB Linux.com
Set up a quick application observability solution that records metrics in real time and pipes them into a database for analysis.
Read More at Enable Sysadmin
The post Monitor and troubleshoot applications with Glances and InfluxDB appeared first on Linux.com.
22:45
[Meme] Unified Patent Court Versus Judges (That Arent Fully Controlled by the EPOs Junta, the Controversial Granting Authority) Techrights
Summary: The EPO is preparing to start its own (controlled) kangaroo court to help hide the effect of patent bubbles (mountains of legally-invalid monopolies)
22:40
What the Hard Data Says About Gender Inequality in Europes Second-Largest Institution, the EPO Techrights
The EUs unwillingness to do something about the EPO will
imperil the EU itself (the EU and EPO are very much connected
through the
illegal Unified Patent Court)
Summary: Gender inequality, or the considerably lower probability of women progressing at Europes largest patent office, as explained by the EPOs elected staff representation only days ago
The Central Staff Committee at the EPO started talking about the empty words from Antnio Campinos regarding inclusion, equality etc. Campinos is basically a low-grade liar. He last brought that up just weeks ago in a pre-recorded speech.
Under the current career system, the Central Staff Committee says, the gender pay gap has widened after every reward exercise. Progress has been made to fix the huge under rewarding of colleagues on maternity leave, but there is still much work to do in other areas. In particular, three issues are highlighted, including the under-rewarding of double-steps and promotions to women, and the under-rewarding of colleagues working part-time.
The paper below is dated 5 days ago. Originally a PDF circulated among stuff, here it is as HTML:
Zentraler Personalausschuss
Central Staff Committee
Le Comit Central du PersonnelMunich, 07/04/2023
sc23040cpGender Pay Gap: at last a fair reward exercise in 2023?
Dear colleagues,
Under the current career system, the gender pay gap has widened after every reward exercise. Progress has been made to fix the huge under rewarding of colleagues on maternity leave, but there is still much work to do regarding other minority groups, such as part-time workers and women, as detailed below.
The Presidents Instructions on Rewards confirm the reality of this trend with his recommendation to managers that states as a proactive measure in order to ensure a fair distribution of rewards to all...
22:27
Re: CVE-2017-11164 - stack exhaustion in PCRE Open Source Security
Posted by Matthew Vernon on Apr 12
I've been trying to push towards getting old-PCRE out of Debian; you cantrack the outstanding bugs online[0], and there's similar for Ubuntu[1].
Once the next Debian release "bookworm" is out, I'm hoping to be able to
make the outstanding bugs release critical, moving towards not shipping
the older pcre (called pcre3 in Debian for Historical Reasons) in the
next release...
Regards,
Matthew
[PCRE maintainer for...
22:00
HashiCorp Vault vulnerability could lead to RCE, patch today! (CVE-2023-0620) Help Net Security
Oxeye discovered a new vulnerability (CVE-2023-0620) in the HashiCorp Vault Project, an identity-based secrets and encryption management system that controls access to API encryption keys, passwords, and certificates. The vulnerability was an SQL injection vulnerability that potentially could lead to a Remote Code Execution (RCE). Oxeye reported this vulnerability to HashiCorp, and the team quickly patched it in versions 1.13.1, 1.12.5, and 1.11.9. of Vault. HashiCorp Vault HashiCorp Vault provides encryption services for modern, microservices-based More
The post HashiCorp Vault vulnerability could lead to RCE, patch today! (CVE-2023-0620) appeared first on Help Net Security.
21:58
Israel-based Spyware Firm QuaDream Targets High-Risk iPhones with Zero-Click Exploit The Hacker News
Threat actors using hacking tools from an Israeli surveillanceware vendor named QuaDream targeted at least five members of civil society in North America, Central Asia, Southeast Asia, Europe, and the Middle East. According to findings from a group of researchers from the Citizen Lab, the spyware campaign was directed against journalists, political opposition figures, and an NGO worker in 2021.
21:50
The Service Accounts Challenge: Can't See or Secure Them Until It's Too Late The Hacker News
Here's a hard question to answer: 'How many service accounts do you have in your environment?'. A harder one is: 'Do you know what these accounts are doing?'. And the hardest is probably: 'If any of your service account was compromised and used to access resources would you be able to detect and stop that in real-time?'. Since most identity and security teams would provide a negative reply,
21:22
Promising new AI can detect early signs of lung cancer that doctors cant see Lifeboat News: The Blog
Researchers in Boston are on the verge of what they say is a major advancement in lung cancer screening: Artificial intelligence that can detect early signs of the disease years before doctors would find it on a CT scan.
The new AI tool, called Sybil, was developed by scientists at the Mass General Cancer Center and the Massachusetts Institute of Technology in Cambridge. In one study, it was shown to accurately predict whether a person will develop lung cancer in the next year 86% to 94% of the time.
The Centers for Disease Control and Prevention currently recommends that adults at risk for lung cancer get a low-dose CT scan to screen for the disease annually.
21:22
A New Kind of Time Crystal Has Been Created That Does Interesting Things to Light Lifeboat News: The Blog
Scientists are still getting to grips with the ins and outs of strange materials known as time crystals; structures that buzz with movement for eternity. Now a new variety might help deepen our understanding of the perplexing state of matter.
Just as regular crystals are atoms and molecules that repeat over a volume of space, time crystals are collections of particles that tick-tock in patterns over a duration of time in ways that initially seem to defy science.
Theorized in 2012 before being observed in the lab for the first time just four years later, researchers have been busy tinkering with the structures to probe deeper foundations of particle physics and uncover potential applications.
21:02
Mesa 23.1 RadeonSI Enables Rusticl OpenCL Support Phoronix
If Mesa 23.1 couldn't get anymore exciting with RADV GPL support enabled by default, more RDNA3 optimizations, continued Zink optimizations, more Intel DG2/Alchemist enhancements, and a load of other features... Support for RadeonSI with the Rusticl Rust-written OpenCL driver has been merged!..
21:00
The Challenges of Producing Graphene in Quantity Hackaday
Weve all heard the incredible claims made about graphene and its many promising applications, but so far the wonder-material has been held back by the difficulty of producing it in large quantities. Although small-scale production was demonstrated many years ago using basic Scotch tape, producing grams or even kilograms of it in a scalable industrial process seemed like a pipedream until recently. As [Tech Ingredients] demonstrates in a new video, the technique of flash Joule heating of carbon may enable industrial graphene production.
The production of this flash graphene (FG) was first demonstrated by Duy X. Luong and colleagues in a 2020 paper in Nature, which describes a fairly straightforward process. In the [Tech Ingredients] demonstration it becomes obvious how easy graphene manufacturing is using this method, requiring nothing more t...
20:37
10 Years Later, Linux Getting A Touchscreen Driver For A Once Popular Tablet Phoronix
The mainline Linux 6.4 kernel is set to see a new touchscreen driver for supporting the Novatek NVT-ts, which is used by at least a once popular Intel Atom powered Android tablet from a decade prior...
20:36
3CX compromise: More details about the breach, new PWA app released Help Net Security
3CX has released an interim report about Mandiants findings related to the compromise the company suffered last month, which resulted in a supply chain attack targeting cryptocurrency companies. They discovered that: The attackers infected targeted 3CX systems with TAXHAUL (aka TxRLoader) malware, which decrypts and executes shellcode containee in a file with a name and location aimed to make it to blend into standard Windows installations The executed shellcode is the COLDCAT downloader They also More
The post 3CX compromise: More details about the breach, new PWA app released appeared first on Help Net Security.
20:30
Dashcam Footage Shows Driverless Cars Clogging San Francisco SoylentNews
[...] The 54 [Felton line], brought to a halt by an autonomous vehicle belonging to Alphabet's Waymo, isn't the only bus that's run into trouble with San Francisco's growing crowd of driverless vehicles. Bus and train surveillance videos obtained by WIRED through public records requests show a litany of incidents since September in which anxiety and confusion stirred up by driverless cars has spilled onto the streets of the US city that has become the epicenter for testing them.
As the incidents stack up, the companies behind the autonomous vehicles, such as Waymo and General Motors' Cruise, want to add more robotaxis to San Francisco's streets, cover more territory, and run at all hours. Waymo and Cruise say they learn from every incident. Each has logged over 1 million driverless miles and say their cars are safe enough to keep powering forward. But expansions are subject to approval from California state regulators, which have been pressed by San Francisco officials for years to restrict autonomous vehicles until issues subside.
Driverless cars have completed thousands of journeys in San Franciscotaking people to work, to school, and to and from dates. They have also proven to be a glitchy nuisance, snarling traffic and creeping into hazardous terrain such as construction zones and downedpow...
20:21
KDE Connect 2.0 Planning For Big Improvements Phoronix
KDE Connect is the great software that allows for interfacing between the KDE desktop and your various mobile devices running Android, Plasma Mobile, Apple iOS, or even Sailfish OS. KDE Connect allows easily sharing files and data with your mobile device(s), receiving phone notifications on your desktop, and a lot of other remote/cross-device functionality. The KDE Connect 2.0 initiative that is taking shape this year thanks to full-time development work is going to modernize this open-source solution...
20:20
The Impact of Microsoft Bribing the Media and Suppressing Facts That Are Rarely Mentioned (Despite Their High Importance) Techrights
Video download link |
md5sum 2505cca4353b58b6a2bd075ca0a698b2
Facts About Microsoft
Creative Commons Attribution-No Derivative Works 4.0
Summary: Grifting Microsoft, propped up by bailout money and "defence" contracts from Trump and Biden, isnt doing as well as Microsoft-funded media wants us to think; there are many layoffs, rapid erosion in market share, and deep losses in the buzzwords' departments
THE media has made it exceptionally easy to be cynical and sceptical of it. Yes, the media (or mass media, corporate media, mainstream media) is gaslighting people, lying to people, blaming the victims, and glorifying the criminals. Its absurd, but thats what happens when money buys the news and lobbying can become reporting.
As noted above, the GNU/Linux world isnt immune to that. For instance, Clickfraud Spamnil [1, 2] (TFIR) is producing Microsoft spam this week, sponsored by Linux Foundation. Yesterday we spoke about all the fake coverage that hyped up chaffbots, which months later seem like a forgotten fad.
In order for the media to regain peoples trust itll need to act like media again.We now have...
20:18
Kodi forum breach: User data, encrypted passwords grabbed Help Net Security
The developers of Kodi, the widely used open-source media player app, have revealed a data breach of its user forum. What happened? The breach did not happen due to a vulnerability. Instead, an unknown attacker used the account of a legitimate but inactive member of the forum admin team to access the MyBB admin console on two occasions: February 16 and 21, 2023. The attacker was able to create backups of databases, which they then More
The post Kodi forum breach: User data, encrypted passwords grabbed appeared first on Help Net Security.
20:07
Go JUICE Centauri Dreams Imagining and Planning Interstellar Exploration
Take a look at our missions to Jupiter in context. The image below shows the history back to 1973, with the launch of Pioneer 10, and of course, the Voyager encounters. We also have the flybys by Ulysses, Cassini and New Horizons, each designed for other destinations, for Jupiter offers that highly useful gravitational assist to help us get places fast. JUICE (Jupiter Icy Moons Explorer) joins the orbiter side of the image tomorrow, with launch aboard an Ariane 5 from Kourou (French Guiana) scheduled for 1215 UTC (0815 EDT) on Thursday. You can follow the launch live here or here.
The first gravitational maneuver will be in August of next year with a Lunar-Earth flyby, followed by Venus in 2025 and then two more Earth flybys (2026 and 2029) before arrival at Jupiter in July of 2031. Ive written a good deal about both Europa Clipper and JUICE in these pages and wont go back to repeat the details, but we can expect 35 icy moon flybys past Europa, Ganymede and Callisto before insertion into orbit at Ganymede, making JUICE the first mission that will go into orbit around a satellite of another planet. Needless to say, well track JUICE closely in these pages.
Image: Ariane 5 VA 260 with JUICE, start of rollout on Tuesday 11 April. Credit for this and the above infographic: ESA.
19:55
Linux Patches Confirm Intel Meteor Lake Having An L4 Cache Phoronix
A new Intel graphics kernel driver patch posted by Intel on Tuesday confirm that upcoming Meteor Lake processors will feature an ADM/L4 cache...
19:24
New discovery points the way to more compact fusion power plants Lifeboat News: The Blog
A magnetic cage keeps the more than 100 million degree Celsius hot plasmas in nuclear fusion devices at a distance from the vessel wall so that they do not melt. Now researchers at the Max Planck Institute for Plasma Physics (IPP) have found a way to significantly reduce this distance. This could make it possible to build smaller and cheaper fusion reactors for energy production. The work was published in the journal Physical Review Letters.
19:24
Endometriosis linked to increased risk of cardiovascular disease in women Lifeboat News: The Blog
In a recent study published in the journal Maturitas, researchers conducted a systematic review and meta-analysis to compare the risk of cardiovascular events in women with and without endometriosis.
Study: Endometriosis and cardiovascular disease: A systematic review and meta-analysis. Image Credit: Bangkok Click Studio / Shutterstock.
Apart from autoimmune disorders, polycystic ovary syndrome, depression, and premature menopause, there are pregnancy-associated risk factors for cardiovascular diseases, such as gestational diabetes, pregnancy-related hypertensive disorders, placental abruption, preterm delivery, and pregnancy loss. Women experience a higher mortality rate due to cardiovascular diseases, and while the treatment methods are the same for men and women, the presentation, symptoms, diagnosis, risk factors, and response to treatment differ for women.
19:24
Gaining a Multimessenger View of Supernovae Explosions Lifeboat News: The Blog
Simultaneously detecting the gravitational-wave and neutrino signals emitted during the last second of a massive stars life could show how such stars die.
19:24
NOW: Pensions and Standard Life Cannot Tackle Pension Fraud After 3+ Months schestowitz.com
Summary: The crimes of Sirius Open Source help highlight abuse by pension providers; after more than 3 months theyre still not holding accountable pension fraudsters (at least 3 people were involved in the fraud and two of them are based in the UK, so extradition proceedings arent even required)
Latest (today):
>> I hope this helps to settle your concerns regarding your
>> NOW Pension fund, as you can see from the above, they
>> have outlined how and who is responsible for protecting
>> your pension savings and applies to all NOW Pensions members.
>
> Hi,
>
> Please send the full letter, as promised, to
> 1) my wife
> 2) myself
>
> as promised by ???????? (staff)
> as promised by ???????? (staff)
> as promised by ???????? (manager)
>
> several times since February. We need this obligation in
> writing.I need an update on this. There are multiple complainants about the pension fraud. We need action, not stalling tactics. You behave like lawyers, not like a pension provider.
19:24
Probing the Helium Nucleus beyond the Ground State Lifeboat News: The Blog
A new electron-scattering experiment challenges our understanding of the first excited state of the helium nucleus.
A helium nucleus, also known as an particle, consists of two protons and two neutrons and is one of the most extensively studied atomic nuclei. Given the small number of constituents, the particle can be accurately described by first principles calculations. And yet, the excited states of the particle remain a bit of a mystery, as evidenced by a disagreement surrounding the excitation from the ground state 01+ to the first excited state 02+ [1]. Theoretical predictions for this transition do not match measurements, but the experimental uncertainties have been too large for implications to be drawn. Now, the A1 Collaboration at Mainz Microtron (MAMI) in Germany has remeasured this transition via inelastic electron scattering [2]. The new data significantly improves the precision compared to previous measurements and confirms the initial discrepancy.
19:22
Still Waiting: Pension Providers in the UK Stalling for Months After Several Independent Reports of Pension Fraud Techrights
Summary: The crimes of Sirius Open Source help highlight abuse by pension providers; after more than 3 months theyre still not holding accountable pension fraudsters (at least 3 people were involved in the fraud and two of them are based in the UK, so extradition proceedings arent even required)
Latest (today):
>> I hope this helps to settle your concerns regarding your
>> NOW Pension fund, as you can see from the above, they
>> have outlined how and who is responsible for protecting
>> your pension savings and applies to all NOW Pensions members.
>
> Hi,
>
> Please send the full letter, as promised, to
> 1) my wife
> 2) myself
>
> as promised by (staff)
> as promised by (staff)
> as promised by (manager)
>
> several times since February. We need this obligation in
> writing.I need an update on this. There are multiple complainants about the pension fraud. We need action, not stalling tactics. You behave like lawyers, not like a pension provider.
19:09
ACE Wants Cloudflare to Expose The Pirate Bays Operators TorrentFreak
The
Pirate Bay has been around for nearly two decades, which is quite
an achievement considering the immense legal pressure it has faced
over the years.
Swedish police tried to shut the site down, twice, raiding dozens of servers. This ultimate goal failed but local authorities did prosecute the sites three co-founders, who all served time in prison for their involvement.
The notorious torrent site stood tall in the midst of this turmoil and continues to operate from thepiratebay.org until this day. While it is no longer the largest piracy site online, anti-piracy forces havent forgotten about it.
Pirate Bay Targeted in New Subpoena Wave
This week, we spotted yet another attempt to uncover the current operators. Through the Motion Picture Association, the Alliance for Creativity and Entertainment (ACE) requested a DMCA subpoena at the U.S. District Court for the Central District of California.
These subpoenas are not uncommon and are typically directed at third-party intermediaries, Cloudflare in this case. The Pirate Bay is a Cloudflare customer and through the court, ACE requests all useful information the California company has on its illustrious client.
The subpoena requires that you provide information concerning the individuals offering infringing material described in the attached notice, ACE informs Cloudflare.
[Y]ou are required to disclose [] information sufficient to identify the infringers. This would include the individuals names, physical addresses, IP addresses, telephone numbers, e-mail addresses, payment information, account updates and account history.
These DMCA subpoenas dont require any judicial oversight. In most cases, they are swiftly signed off by a court clerk. The legal paperwork is then sent to Cloudflare, which typically replies with all relevant information it has on file.
Actionable Intel?
Whether this...
18:00
Elegant Evening Dress Sports Servo-Actuated Flowers Hackaday
Theres been plenty of research into smart fabrics, and weve seen several projects involving items of clothing with electronics integrated inside. These typically include sensors and simple actuators like LEDS, but theres no reason you cant integrate moving electromechanical systems as well. [Rehana Al-Soltane] did just that: she made an elegant evening dress with flowers that open and close on command.
It took [Rehana] a bit of experimentation to figure out a floral design that opens and closes smoothly without crumpling the fabric or requiring excessive force to actuate. She finally settled on a plastic sheet sandwiched between two layers of fabric, with pieces of fishing line attached that pull the edges inward. The lines are guided through a tube down the back of the dress, where a servo pulls or releases them.
The mechanical flower can be operated by touch [Rehana] made one of the other flowers conductive by embedding copper tape betwee...
17:57
SAP April 2023 security updates fix critical vulnerabilities Security Affairs
SAP fixed two critical bugs that affect the Diagnostics Agent and the BusinessObjects Business Intelligence Platform.
SAP April 2023 security updates include a total of 24 notes, 19 of which are new vulnerabilities. The most critical vulnerabilities are:
- CVE-2023-27267: missing authentication and insufficient input validation in the exploited by an attacker to execute scripts on connected Diagnostics Agents. Successful exploitation can potentially lead to full compromise of the system.
- CVE-2023-28765: An attacker with basic privileges in SAP BusinessObjects Business Intelligence Platform (Promotion Management) versions 420, 430, can exploit the issue to access to lcmbiar file and further decrypt the file. Once the attacker gained access to BI users passwords and depending on the privileges of the BI user, he can perform operations that can completely compromise the application.
The complete list of the notes is reported in the latest security bulletin:
SAP administrators are urged to apply the available security patches as soon as possible.
Please vote for Security Affairs (https://securityaffairs.com/) as
the best European Cybersecurity Blogger Awards 2022 VOTE FOR YOUR
WINNERS
Vote for me in the sections:
- The Teacher Most Educational Blog
- The Entertainer Most Entertaining Blog
- The Tech Whizz Best Technical Blog
- Best Social Media Account to Follow (@securityaffairs)
Please nominate Security Affairs as your favorite blog.
Nominate here: https://docs.google.com/forms/d/e/1FAIpQLSfaFMkrMlrLhOBsRPKdv56Y4HgC88Bcji4V7OCxCm_OmyPoLw/viewform
Follow me on Twitter: @securityaffairs and Facebook and Ma...
17:43
China's Loongson Unveils 32-Core CPU, Reportedly 4X Faster Than Arm Chip SoylentNews
The 3D5000 has come out of the oven:
Loongson, a Chinese fabless chipmaker, has launched the new 3D5000 processor for data centers and cloud computing. MyDrivers (opens in new tab) reported that Loongson claims its 32-core domestic chips deliver 4X higher performance than rival Arm processors.
The 3D5000 still leverages LoongArch, Loongson's homemade instruction set architecture (ISA) from 2020. The chipmaker was previously a firm believer in MIPS. However, Loongson eventually built LoongArch from the ground up with the sole objective of not relying on foreign technology to develop its processors. LoongArch is a RISC (reduced instruction set computer) ISA, similar to MIPS or RISC-V.
The 3D5000 arrives with 32 LA464 cores running at 2 GHz. The 32-core processor has 64MB of L3 cache, supports eight-channel DDR4-3200 ECC memory, and up to five HyperTransport (HT) 3.0 interfaces. It also supports dynamic frequency and voltage adjustments. Officially, the 3D5000 has a 300W TDP; however, Loongson stated that the conventional power consumption is around 150W. That's roughly 5W per core.
The 3D5000 flaunts a chiplet design since Loongson has glued together two 16-core 3C5000 processors. Loongson developed the 3C5000 server part to compete with AMD's Zen and Zen+ architectures. The latest 3D5000, which measures 75.4 x 58.5 x 7.1mm, slides into a custom LGA4129 socket.
Read more of this story at SoylentNews.
17:36
Nadine Hoosen, Chief Science Officer at TAFFD's, joins our Biotech/Medical Board. Lifeboat News
Nadine Hoosen, Chief Science Officer at TAFFDs, joins our Biotech/Medical Board.
17:23
IRC Proceedings: Tuesday, April 11, 2023 Techrights
Also available via the Gemini protocol at:
- gemini://gemini.techrights.org/irc-gmi/irc-log-techrights-110423.gmi
- gemini://gemini.techrights.org/irc-gmi/irc-log-110423.gmi
- gemini://gemini.techrights.org/irc-gmi/irc-log-social-110423.gmi
- gemini://gemini.techrights.org/irc-gmi/irc-log-techbytes-110423.gmi
Over HTTP:
|
|
|
|
|
|
|
|
|
|
... |
17:06
OpenAI launched a bug bounty program Security Affairs
AI company OpenAI launched a bug bounty program and announced payouts of up to $20,000 for security flaws in its ChatGPT chatbot service.
OpenAI launched a bug bounty program and it is offering up to $20,000 to bug hunters that will report vulnerabilities in its ChatGPT chatbot service.
The company explained that ChatGPT is in scope, including ChatGPT Plus, logins, subscriptions, OpenAI-created plugins (e.g. Browsing, Code Interpreter), plugins users create themselves, and all other functionality. Plugins developed by other people are out of the scope.
The bug bounty program, which is operated via the Bugcrowd crowdsourced security platform, also covers APIs, API keys, and other assets belonging to OpenAI. The company is also interested in confidential OpenAI corporate information that may be exposed through third parties, such as Google Workspace, Trello, Jira, Salesforce and Stripe.
The bounties range from $200 for low-severity security issues up to $20,000 for critical vulnerabilities.
Security is essential to OpenAIs mission. We appreciate the contributions of ethical hackers who help us uphold high privacy and security standards for our users and technology. This policy (based on disclose.io) outlines our definition of good faith regarding the discovery and reporting of vulnerabilities, and clarifies what you can expect from us in return. reads the announcement published by the company.
The initial priority rating for most findings will use the Bugcrowd Vulnerability Rating Taxonomy. However, vulnerability priority and reward may be modified based on likelihood or impact at OpenAIs sole discretion. In cases of downgraded issues, researchers will receive a detailed explanation.
In March, 2023, OpenAI addressed multiple severe vulnerabilities in ChatGPT that could have allowed attackers to take over user accounts and view chat histories.
One of the issues was a Web Cache Deception vulnerability reported by the bug bounty hunter and Shockwave founder Gal Nagli, it could lead to an account takeover.
Please vote for Security Affairs (https://securityaffairs.com/) as
the best European Cybersecurity Blogger Awards 2022 VOTE FOR YOUR
WINNERS
Vote for me in the sections:
- The Teacher Most Educational Blog
- The Entertainer Most Entertaining Blog
- The Tech Whizz Best Technical Blog
- Best Social Media Account to Follow (@securityaffairs)
Please nominate Secur...
17:03
COVID-19 Won, We Lost. Why Doesnt the Media Admit This? schestowitz.com
Video download
link | md5sum
0728ff8efe7b4350ffebfe6c23131bb0
COVID-19 Remains Untackled
Creative Commons Attribution-No Derivative Works 4.0
ve
just
published some hard data to show how deaths have soared this
year, probably in relation to the neglect of COVID-19 response.
Institutions and media compel us to think that COVID-19 is a thing
of the past or old news while publicly-available
data shows alarming numbers, including total mortality across
all age groups (its up sharply).
Media gaslighting wont be the solution to all this. We need proper research and real, hard answers.
17:00
Grandfather Paradox? Terra Forming Terra
Our own living plasma Ocean Terra Forming Terra
The more i get my mind around the neutral neutron pair or NNP for short, the more i am convinced that it lies dense about us and permeates the whole earth. It is scaled at the same size as the hydrogen atom without having the orbital and free electron of the hydrogen atom which enlarges the scale.. My point is that however spaced our NNPs are, at a size of half an angstrom they easily pass through all our matter and been effrectively chargeless, there is scant drag. I am not going to say zero but it is still so little that we have been almost unable to detect them.
Having said all that, let us return to lightening. First off a 3D mass of free electrons or free ions for that matter is an explosive. When we look at lightening bolts we actually see a massive column passing down to the earth. It follows that freee atmospheric ions flee to the surface and interact with free electrons to produce really hot electrons.
Thus it appears that a mass of NNPs carries charged ions down to toward the ground for discharge. When it hits the ground it opens a live surface for electrons to flow back up the column. If the column breaks up, the NNPs will drain into the ground which leaves both free ions and electrons in position to explode. Plenty of energy for both thunder and heat lightening. The take home is that by simply invoking NNPs we can clearly explain and understand what we see going on up in the skies.
another consequernce of all this is that a vacuum tube is no true vacuum tube at all, but contains a full load of NNPs. I do recall that odd observations exist likely to respond well to this model.
And just where does coherant light fit into all this? Suddenly we have a convenient ordered, but neutral structure around all that we see and measure.
This also explains the nature of gravity and what i have also
observed. I have already posted that we can drive gravity out
of a given mass, simply because I have seen it done. The big
take home is that the mass of NNPs is neutral and has zero effect
on our bodies which by the way, after been separat...
How to Get Geisha-Like Skin with Ancient Japanese Rice Water Treatment Terra Forming Terra
Barefoot and health becoming a tthing Terra Forming Terra
I have posted in the past about the likely virtues of walking barefoot on the ground. These werte simply my own observations ,but i did put a note together to see if we could drum up some interest. As it was, i need not have bothered because others have also woken up to the possibilities.
This is from seven years ago already and it turns out that serious effort is underway to make it easier to do.
I actually went barefoot in the summer until I turned six and went to school. That was the common deal then. winter time saw rubber boots and thick socks of course. also i stayed with leather shoes for office work until recently. All that is now harder to do.
The real take home is that been grounded empowers your body to heal pro[erly, simply because your nervous system can scavenge free electrons when needed. all those stories here go back to allowing your body to do its job and wrapping yourself in insulators is obviously stupid.
<iframe width="661" height="372" src="https://www.youtube.com/embed/cRW0XO2xWn4" title="Grounding - The Grounded Documentary Film about "Earthing"" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen></iframe>
16:57
CEO of Sirius UK Continues to Purge Any Remnants of His Past With the Company (Trying Hard Not to Associate With It) Techrights
Also see: Sirius UK CEO Resigns (or Gets Sacked) and Completely Deletes His Whole Past With Sirius Open Source | Amid Fraud at Sirius Open Source CEO Deletes His Recent (This Month) Past With the Company
Latest:
Oh, look what has just happened:
Summary: Knowing the crimes of Sirius Open Source as a high-level insider, the CEO who bullied Sirius staff is running away, one can imagine after internal confrontation and risk of arrest/extradition/prosecution; we are still waiting for NOW: Pensions to send us letters and for Standard Life to progress several complaints from several of the companys victims
16:38
Urgent: Microsoft Issues Patches for 97 Flaws, Including Active Ransomware Exploit The Hacker News
It's the second Tuesday of the month, and Microsoft has released another set of security updates to fix a total of 97 flaws impacting its software, one of which has been actively exploited in ransomware attacks in the wild. Seven of the 97 bugs are rated Critical and 90 are rated Important in severity. Interestingly, 45 of the shortcomings are remote code execution flaws, followed by 20
16:15
GitGuardian Honeytoken helps companies secure their software supply chains Help Net Security
GitGuardian launched its new Honeytoken module, providing intrusion detection, code leakage detection and helping companies secure their software supply chains against attackers targeting Source Control Management (SCM) systems, Continuous Integration Continuous Deployment (CI/CD) pipelines, and software artifact registries. Honeytoken is a significant addition to our code and supply chain security platform, said Eric Fourrier, CEO of GitGuardian. It enables organizations to detect intrusions in their DevOps environments effectively. Security teams can now easily monitor their More
The post GitGuardian Honeytoken helps companies secure their software supply chains appeared first on Help Net Security.
15:10
Cybercrime group exploits Windows zero-day in ransomware attacks Security Affairs
Microsoft has addressed a zero-day in the Windows Common Log File System (CLFS) actively exploited in ransomware attacks.
Microsoft has addressed a zero-day vulnerability, tracked as CVE-2023-28252, in the Windows Common Log File System (CLFS), which is actively exploited in ransomware attacks. Microsoft fixed the issue with the release of Patch Tuesday security updates for April 2023.
The issue is an unspecified vulnerability in the CLFS driver that allows for privilege escalation. A local attacker can exploit this vulnerability to gain SYSTEM privileges. The vulnerability is easy to exploit and could be triggered without user interaction.
US CISA has added the flaw to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are exploiting the flaw to escalate privileges and deploy Nokoyawa ransomware.
CISA orders federal agencies to fix this vulnerability by May 2nd, 2023.
Kaspersky Lab experts first reported that the CVE-2023-28252 flaw was exploited in attacks deploying the Nokoyawa ransomware.
On February 2023, Kaspersky experts observed a number of attempts to execute elevation-of-privilege exploits on Microsoft Windows servers belonging to small and medium-sized businesses in the Middle East, in North America, and previously in Asia regions.
The experts pointed out that while the majority of zero-days they have discovered in the past were used by APT groups, this zero-day was exploited by a sophisticated cybercrime group. This group is known to have used similar CLFS driver exploits in the past that were likely developed by the same author.
The discovered exploit uses the vulnerability to corrupt another specially crafted base log file object in a way that a fake element of the base log file gets treated as a real one. reads the...
15:00
Portable MSX2 Brings the Fun on the Go Hackaday
Something of a rarity in the US, the MSX computer standard was rather popular in other parts of the world but mostly existed in the computer-in-a-keyboard format popular in the 80s. [Aron Hoekstra aka nullvalue] wanted to build an MSX2 of their own, but decided to build it in a...
14:57
Ethereums Shanghai Update Opens a Rift in Crypto SoylentNews
At 19:27 Eastern time on April 12, the Ethereum blockchain, home to the world's second-most-popular cryptocurrency, ether, will finally sever its links to crypto mining. Within the Ethereum bubble, a sense of anticipation is building; some are planning "viewing parties" for the occasion. Codenamed "Shanghai," the update to Ethereum caps off a process, after "The Merge," which fundamentally changes the way transactions are verified and the network secured.
Under the old system, proof-of-work (PoW) mining, the right to process a batch of transactions and earn a crypto reward is determined by a race to solve a mathematical puzzle. The greater the computing power miners throw at the problem, the greater their chance of winning the race. Under Ethereum's new proof-of-stake (PoS) system, there is no race and there are no miners; instead, the winner is determined by raffle. The greater the amount of ether somebody locks up on the networkor stakesthe greater the chance they hold a prize-winning ticket.
By demonstrating that a large-scale blockchain can shift from one system to another, Shanghai will reignite a debate over whether the practice of mining that still supports bitcoin, the most widely traded cryptocurrency, is viable and sustainable. [...]
"The energy consumption problem is Bitcoin's achilles heel," says de Vries. "It's a simple fact that as the price of bitcoin gets higher, the energy consumption problem gets worse. The more money miners make, the more they will typically spend on resources: hardware and electricity.
Read more of this story at SoylentNews.
14:30
Key factors driving changes in the perception of the CISO role Help Net Security
The CISO role is currently fraught with novel challenges and escalating workloads. This includes increased paperwork and time spent on risk assessments, which have surged from two to thirty hours per assessment. Furthermore, privacy regulations are expanding, and CISOs are increasingly being held responsible for the companys security decisions or lack thereof. These difficulties are poised to intensify further with the fresh mandates and demands outlined in the Biden administrations cyber strategy. In this Help More
The post Key factors driving changes in the perception of the CISO role appeared first on Help Net Security.
14:06
North Korean Hackers Uncovered as Mastermind in 3CX Supply Chain Attack The Hacker News
Enterprise communications service provider 3CX confirmed that the supply chain attack targeting its desktop application for Windows and macOS was the handiwork of a threat actor with North Korean nexus. The findings are the result of an interim assessment conducted by Google-owned Mandiant, whose services were enlisted after the intrusion came to light late last month. The threat intelligence
14:00
Data-backed insights for future-proof cybersecurity strategies Help Net Security
The Qualys Threat Research Unit (TRU) has been hard at work detecting vulnerabilities worldwide, and its latest report is set to shake up the industry. In this Help Net Security interview, Travis Smith, VP of the Qualys TRU, talks about the 2023 Qualys TruRisk Threat Research Report, which provides security teams with data-backed insights to help them better understand how adversaries exploit vulnerabilities and render attacks. What are the most dangerous cyber threats to look More
The post Data-backed insights for future-proof cybersecurity strategies appeared first on Help Net Security.
14:00
CoreCtrl Now Available In Debian & Ubuntu 23.04 For Managing Your System Phoronix
CoreCtrl as the open-source utility for managing your system's performance/vitals and supporting various application profiles has landed in Debian as well as being picked up for easy installation on the upcoming Ubuntu 23.04...
13:45
600,000 Americans Per Year Are Dying From COVID Shots Says Top Insurance Analyst cryptogon.com
Via: The Florida Standard: Those vaccinated against COVID-19 have a 26 percent higher mortality rate on average compared to those who declined the jab and the death toll is even more staggering for vaccinated people under 50 years old, where mortality is 49 percent higher than for those unvaccinated. The shocking numbers are based []
13:33
In Ireland, More Deaths at End of 2022 Than in 2021 (COVID-19) and Far More Deaths Now Than During COVID-19s Peak schestowitz.com
tl;dr 8467 deaths in 2022Q3, compared to 8165 in 2021Q3
ast
year
we looked at this data and found that Ireland was not solving
the COVID-19 problem.
We have newer data now.
Now, lets compare Q3 deaths for even older years:
6517 in 2010
6911 in 2011
6825 in 2012
6983 in 2013
7001 in 2014
6851 in 2015
7129 in 2016
6987 in 2017
7143 in 2018
7358 in 2019
7111 in 2020
Dont believe the numbers? Heres the data:
13:30
Hybrid work environments are stressing CISOs Help Net Security
The impact of the hybrid workforce on security posture, as well as the risks introduced by this way of working, are posing concerns for CISOs and driving them to develop new strategies for hybrid work security, according to Red Access. Among the reports most critical findings is the revelation that browsing-based threats ranked as CISOs number one concern, regardless of whether their organization was operating primarily in an in-office, hybrid, or remote setting. And as More
The post Hybrid work environments are stressing CISOs appeared first on Help Net Security.
13:22
Leaked Classified Military Documents On Ukraine [???] cryptogon.com
The non-stop mainstream media promotion of this gives me pause. I dont know what Im looking at. As for Western special forces operating in Ukraine, Ive suspected it since May of last year. If you want to see the documents in question for yourself, Cryptome is hosting them. Via: BBC: The UK is among a []
13:14
COVID-19 Death Toll in the UK Passes 222,222, Not Counting Indirect Deaths schestowitz.com
xcess
mortality has been off the charts since last summer. The media
chooses to not talk about this (or barely even mention
that). A lot more publicly-funded research is needed here, with no
(corporate) strings attached.
Meanwhile, UK Deaths with COVID-19 on the death certificate exceeds 222,222 (222,283 is the already-outdated figure).
Should we take this for granted? Or the new normal? Looking at the hard data, containment saved lived. Lockdowns had a real effect:
COVID-19 is still with us. It won. Its an unsolved problem and its not over, the media is just deflecting and leveraging Russia/Ukraine.
Yesterday around 10AM ONS was supposed to release some death-related figures (updated every Tuesday), but this time it was delayed till 13th of April 2023, i.e. tomorrow. Yesterday wasnt Bank Holiday.
13:00
Threat hunting programs can save organizations from costly security breaches Help Net Security
Cybersecurity threats to organizations are only increasing, not only in number but in scope, according to Team Cymru. The true cost of cyber breaches Proactive threat hunting helps organizations save money by preventing security breaches and reducing the impact of attacks. For example, a study by IBM found that the average total cost of a breach is $4.35 million. To better understand the perspective of threat hunters who are in the trenches defending their organizations More
The post Threat hunting programs can save organizations from costly security breaches appeared first on Help Net Security.
12:58
NYPD Reboots Cyborg Police Dog After Backlash cryptogon.com
Via: New York Daily News: Digidog, the NYPD robot pooch, is back and department leaders promise its not the dystopian surveillance nightmare it was made out to be the first time New Yorkers got a look at it. Two years after the $74,000 robot canine program landed the NYPD in the doghouse with civil rights []
12:30
11:11 Systems Managed SteelDome provides protection from ransomware attacks Help Net Security
11:11 Systems has revealed 11:11 Managed SteelDome in partnership with SteelDome Cyber. The fully managed service is designed for organizations in need of secure, scalable and cost-efficient storage of their unstructured, on-premises data. Leveraging SteelDomes InfiniVault application technology, 11:11 Managed SteelDome provides on-premises data storage, protection and recovery. This new offering provides data immutability and protection from ransomware attacks and optimizes data storage, all while meeting strict compliance and regulatory requirements. Acting as a storage More
The post 11:11 Systems Managed SteelDome provides protection from ransomware attacks appeared first on Help Net Security.
12:10
What to Know About the JUICE Mission to Jupiter and its Frozen Moons SoylentNews
JUICE, short for JUpiter ICy moons Explorer, is headed for Jupiter, but the spacecraft will focus its observations on three of the gas giant's many moons: Europa, Ganymede, and Callisto. Jupiter, the largest planet in the solar system, hosts more than 70 natural satellites, but these three Galilean moons are thought to hold immense amounts of subsurface water hidden beneath thick layers of ice (Io is the fourth Galilean moon, but it's an inhospitable volcanic hellhole). JUICE, an international collaboration headed by the European Space Agency, will spend three to four years at Jupiter, performing flybys and making detailed observations of the three icy moons and their immediate surroundings.
[...] JUICE will reach Jupiter in 2031 following an eight-year journey, but to get there it'll need to receive four gravity boosts from Earth and Venus. Excitingly, the spacecraft's flyby of the Earth-Moon system, a maneuver known as a Lunar-Earth gravity assist (LEGA), has never been attempted before. As ESA explains, JUICE will first get a gravitational assist from the Moon and then a second from Earth some 1.5 days later, in a maneuver meant to "save a significant amount of propellant."
Europa, Ganymede, and Callisto are all suspected of containing subsurface oceans capped in an icy crust. JUICE will evaluate the trio for potential signs of habitability, given the assumed presence of liquid water. Indeed, and as ESA makes clear, the overarching question of the mission is whether gas giants can harbor habitable conditions and spawn primitive life. In addition to its astrobiological duties, JUICE will seek to answer questions about planetary formation and the solar system in general. More conceptually, the spacecraft will evaluate the "wider Jupiter system as an archetype for gas giants across the Universe," according to ESA.
Read more of this story at SoylentNews.
12:00
Using Old Coal Mines As Cheap Sources of Geothermal Heat Hackaday
For as much old coal mines are a blight upon the face of the Earth, they may have at least one potential positive side-effect. Where the coal mine consists out of tunnels that were drilled deep into the soil, these tend to get flooded by groundwater after the pumps that keep them dry are turned off. Depending on the surrounding rock, this water tends to get not only contaminated, but also warmed up. As the BBC explains in a recent video as a follow-up to a 2021 article, when the water is pumped up for decontamination, it can be run through a heat exchanger in order to provide heat for homes and businesses.
11:55
11:41
Links 11/04/2023: Budgie Desktop 10.7.x and Ubuntu Budgie 23.04 Techrights
Contents
-
GNU/Linux
-
Server
-
Linux Links 9 Best Free and Open Source PaaS Cloud Computing Stacks
Platform as a Service (PaaS) is a category of cloud computing services which offers a way to support the complete lifecycle of delivering web applications and services via the cloud. Along with Software as a Service (SaaS) and Infr...
-
-
11:08
NEW 'Off The Wall' ONLINE 2600 - 2600: The Hacker Quarterly
NEW 'Off The Wall' ONLINE
Posted 12 Apr, 2023 1:08:08 UTC
The new edition of Off The Wall from 04/11/2023 has been archived and is now available online.
10:55
"Inside-out Wankel" rotary engine delivers 5X the power of a diesel Terra Forming Terra
10:06
Microsoft (& Apple) Patch Tuesday, April 2023 Edition Krebs on Security
Microsoft today released software updates to plug 100 security holes in its Windows operating systems and other software, including a zero-day vulnerability that is already being used in active attacks. Not to be outdone, Apple has released a set of important updates addressing two zero-day vulnerabilities that are being used to attack iPhones, iPads and Macs.
On April 7, Apple issued emergency security updates to fix two weaknesses that are being actively exploited, including CVE-2023-28206, which can be exploited by apps to seize control over a device. CVE-2023-28205 can be used by a malicious or hacked website to install code.
Both vulnerabilities are addressed in iOS/iPadOS 16.4.1, iOS 15.7.5, and macOS 12.6.5 and 11.7.6. If you use Apple devices and you dont have automatic updates enabled (they are on by default), you should probably take care of that soon as detailed instructions on how to attack CVE-2023-28206 are now public.
Microsofts bevy of 100 security updates released today include CVE-2023-28252, which is a weakness in Windows that Redmond says is under active attack. The vulnerability is in the Windows Common Log System File System (CLFS) driver, a core Windows component that was the source of attacks targeting a different zero-day vulnerability in February 2023.
If it seems familiar, thats because there was a similar 0-day patched in the same component just two months ago, said Dustin Childs at the Trend Micro Zero Day Initiative. To me, that implies the original fix was insufficient and attackers have found a method to bypass that fix. As in Februar...
10:00
HPR3833: Software Freedom Podcast Hacker Public Radio
Software Freedom Podcast - Free Software Foundation Europe Another recommendation for your podcatcher from our sister project https://freeculturepodcasts.org/ Website: https://fsfe.org/about/about.en.html Episode: https://fsfe.org/news/podcast/episode-14.html Feed Opus: feed://fsfe.org/news/podcast-opus.en.rss Feed mp3: feed://fsfe.org/news/podcast.en.rss Copyright (c) Free Software Foundation Europe. Creative Commons BY-SA 4.0 SFP#14: The world of mesh networking with Elektra Wagenrad With this episode the Software Freedom Podcast opens the door to the fascinating and sometimes complex world of mesh networking. And who better than Elektra Wagenrad can take us on this journey? Elektra is one of the original developers of the B.A.T.M.A.N. protocol and of the Mesh Potato project. In our 14th Software Freedom Podcast episode Matthias Kirschner talks with our guest, Elektra Wagenrad, about the origins of Freifunk, the B.A.T.M.A.N. protocol, and the Mesh Potato project. If you are new to the world of mesh networking this episodes is an easy entrance to it. Elektra not only explains the theory behind the protocols but also dives deeper into the philosophical idea of it. In this context, Matthias and Elektra also touch on the difficult topic of limiting the use of Free Software, using the example of the former ban on the use of the B.A.T.M.A.N. protocol for military activities. Last but not least they also discuss the EUs Radio Equipment Directive and the FSFE's Router Freedom activity. With this episode, the Software Freedom Podcast has produced an easy to follow and easy to understand podcast for everybody who is interested in mesh networking. Join us on our journey through this fascinating technical and philosophical world and listen to Elektra and Matthias as they tell the story with its ups and downs. Read more: What is Free Software? Freifunk (DE) Open-Mesh Project The "Mesh Potato" project FSFEs activity on Radio Lockdown FSFE's Router Freedom activity If you liked this episode and want to support our continuous work for software freedom, please help us with a donation.
09:44
Nonthapat "Brave" Pulsiri joins our blog team with the post "How can we make the space sector more sustainable?". Lifeboat News
Nonthapat Brave Pulsiri joins our blog team with the post "How can we make the space sector more sustainable?".
09:25
CVE-2023-1281, CVE-2023-1829: Linux kernel: Vulnerabilities in the tcindex classifier Open Source Security
Posted by valis on Apr 11
Hi,I have recently discovered two security issues in the tcindex
classifier (part of the network QoS subsystem of the Linux kernel):
CVE-2023-1281 Race condition leading to an use-after-free when
updating imperfect hash filters
CVE-2023-1829 Use-after-free when deleting a perfect hash filter
# Impact / mitigation:
Both of these vulnerabilities can be used for local privilege escalation.
The attacker needs CAP_NET_ADMIN to create/change...
09:24
Tesla Employees Reportedly Shared Videos Captured by Cameras on Customers' Cars SoylentNews
They even shared a clip of a child being hit by a car:
Some Tesla workers shared sensitive photos and videos captured by the cameras on owners' cars between each other for several years, according to Reuters. Former employees told the outlet that colleagues shared the images in group chats and one-on-one communications between 2019 and last year.
One such video showed a Tesla driving at high speed before hitting a child on a bike, Reuters reported. Other footage included things like a nude man walking toward a vehicle. "We could see them doing laundry and really intimate things. We could see their kids," one of the former employees said.
[...] The company states in its customer privacy notice that it designed the camera system to protect user privacy. It says that even if owners opt in to share camera recordings with Tesla for "fleet learning" purposes, "camera recordings remain anonymous and are not linked to you or your vehicle" unless it receives the footage due to a safety event, such as a crash or an airbag deployment. Even so, one employee said it was possible for Tesla data labelers to see the location of captured footage on Google Maps.
Tesla does not have a communications department that can be reached for comment.
Read more of this story at SoylentNews.
09:00
Mag Loop Antenna has a Brain Hackaday
Magnetic loop antennas are great if you are limited on space since they are just a potentially small loop of wire. The problem is, they are sharply tuned. You normally have an adjustment capacitor to tune the antenna to different frequencies. [TekMakerUK] built one with a motor and an Arduino that he can tune from an Android phone. You can see more about the project in the video below.
If you want to transmit, the capacitor is often the weak part of the system. Luckily, some old gear yielded a capacitor with multiple sections and enough plate distance to handle the 5W desired. Of course, motor driving a capacitor isnt a new idea, but this setup is nice since it uses a stepper motor and a rotary encoder.
For now, the control just moves the stepper to a particular
position, but long term, there are plans to have presets for each
band that the Arduino can set from a single command. You might
wonder how the stepper knows where it is since there are no limit
switches. It turns out he just stalls the motor and assumes it is
at the far limit and then moves it to the other limit (see
initMotor) in the GitHub source code.
Loops are easy to hide. This isnt, of course, the first...
08:21
QuaDream: Israeli Cyber Mercenary Behind iPhone Hacks HackRead | Latest Cybersecurity and Hacking News Site
Citizens Lab and Microsoft have exposed an Israeli firm, QuaDream, selling spyware to governments around the world.
This is a post from HackRead.com Read the original post: QuaDream: Israeli Cyber Mercenary Behind iPhone Hacks
07:00
Nginx 1.24 Released With TLSv1.3 Protocol Enabled By Default Phoronix
06:39
Satellite Imagery Reveals Hidden Tornado Tracks SoylentNews
The analysis could help researchers study storms that strike in the winter:
When a strong tornado roars through a city, it often leaves behind demolished buildings, broken tree limbs and trails of debris. But a similarly powerful storm touching down over barren, unvegetated land is much harder to spot in the rearview mirror.
Now, satellite imagery has revealed a 60-kilometer-long track of moist earth in Arkansas that was invisible to human eyes. The feature was presumably excavated by a tornado when it stripped away the uppermost layer of the soil, researchers report in the March 28 Geophysical Research Letters. This method of looking for "hidden" tornado tracks is particularly valuable for better understanding storms that strike in the winter, when there's less vegetation, the researchers suggest. And recent research has shown that wintertime storms are likely to increase in intensity as the climate warms (SN: 12/16/21).
[...] Swirling winds, even relatively weak ones, can suction up several centimeters of soil. And since deeper layers of the ground tend to be wetter, a tornado ought to leave behind a telltale signature: a long swath of moister-than-usual soil. Two properties linked with soil moisture level its texture and temperature in turn impact how much near-infrared light the soil reflects.
Wang and his collaborators analyzed near-infrared data collected by NASA's Terra and Aqua satellites and looked for changes in soil moisture consistent with a passing tornado.
Read more of this story at SoylentNews.
06:00
Truckla Gets an Open Source Charging Buddy Hackaday
More than three years have passed since Tesla announced its Cybertruck, and while not a one has been delivered, the first Tesla truck, Truckla, has kept on truckin. [Simone Giertz] just posted an update of what Truckla has been up to since it was built.
[Giertz] and friends DIT (do-it-together) truck was something of an internet sensation when it was revealed several m...
05:34
A By-Design flaw in Microsoft Azure can allow storage accounts takeover Security Affairs
A flaw in Microsoft Azure could be exploited by attackers to gain access to storage accounts, perform lateral movements, and even execute remote code.
Researchers from the security firm Orca demonstrated how to abuse Microsoft Azure Shared Key authorization to gain full access to storage accounts and potentially critical business assets. The issue can also be abused to move laterally in the environment and even execute remote code.
Microsoft already recommends disabling shared key access and using Azure Active Directory authentication instead, but experts pointed out that shared key authorization is still enabled by default when creating storage accounts.
Orca discovered that it is possible to abuse and leverage Microsoft Storage Accounts by manipulating Azure Functions to steal access tokens of higher privileged identities, move laterally, access critical business assets, and execute remote code (RCE). reads the advisory published by the security firm.
Azure storage accounts can host different data objects, such as blobs and file shares. By default, Azure Storage account requests can be authorized with either Azure Active Directory (Azure AD) credentials or by using the account access key for Shared Key authorization.
Every time users create a storage account, Azure generates two 512-bit storage account access keys for the account. Microsoft warns that anyone who can obtain one of these keys can authorize access to data via Shared Key Authorization and get access to a storage account. The IT giant recommends using Azure AD authorization instead of Shared Key Authorization.
Access to the shared key grants a user full access to a storage accounts configuration and its data. states Microsoft.
Once obtained full-access permission to storage accounts, an attacker within the cloud environment can access information in storage accounts, including Azure functions sources, and manipulate their code to steal and...
05:26
Ukrainian Hackers Breach Email of APT28 Leader, Whos Wanted by FBI HackRead | Latest Cybersecurity and Hacking News Site
By Waqas
APT28, or Fancy Bear, is a Russian government-backed nefarious hacking group known for using spear-phishing campaigns against its targets.
This is a post from HackRead.com Read the original post: Ukrainian Hackers Breach Email of APT28 Leader, Whos Wanted by FBI
04:33
Youtube-dl Hosting Ban Paves the Way to Privatized Censorship TorrentFreak
In 2020, the RIAA
infuriated many players in the open source community by
targeting YouTube-ripping tool youtube-dl.
The RIAA sent a takedown notice to GitHub, alleging that the software bypassed technological protection measures, in violation of the DMCA.
GitHub initially complied but later changed course. After consulting legal experts, including those at the EFF, it restored the youtube-dl repository. GitHub also launched a million-dollar defense fund to assist developers in similar disputes.
Targeting Youtube-dls Host
This episode was a massive setback for the music industry, which had been fighting stream-ripping tools for years. However, instead of laying down their arms, the music companies went after Uberspace, youtube-dls website hosting company in Germany.
A few days ago this lawsuit resulted in a clear victory for Sony Entertainment, Warner Music Group and Universal Music. The district court of Hamburg essentially ruled that youtube-dl violates the law as it bypasses YouTubes technological protection measures.
Going one step further, the court also concluded that as a host, Uberspace can be held liable for youtube-dls activity. The hosting provider received a takedown notice for the website in the past but continued to host it. According to Uberspace, the software wasnt clearly illegal but the court ruled that the company should have known better.
With the dust beginning to settle, TorrentFreak spoke with Uberspace owner Jonas Pasche, who has decided to appeal the ruling. According to Pasche, the court made a big mistake that could have far-reaching consequences.
Uberspace Responds to Court Verdict
For starters, Pasche still doesnt believe that its clear that youtube-dl violates copyright law. More importantly for his own business, however, is the courts finding that a hosting company can be held liable for doubting the validity of a takedown request.
German law requires hosting companies to remove the content as soon as they learn about clear or obvious illegal activity. Thats an easy decision in many cases, but Uberspace paused for thought in youtube-dls case, presumably...
04:07
[$] Python 3.12: error messages, perf support, and more LWN.net
Python 3.12 approaches. While the full feature set of the final releaseslated for October 2023is still not completely known, by now we have a good sense for what it will offer. It picks up where Python 3.11 left off, improving error messages and performance. These changes are accompanied by a smattering of smaller changes, though Linux users will likely make use of one in particular: support for the perf profiler.
04:05
The U.S. Deserves Stronger Spyware Protections Than Bidens Executive Order Deeplinks
U.S. President Joe Biden has signed an executive order that limits U.S. government agencies from using commercially available spyware but that doesnt mean there will be no government use of spyware in the United States. Spyware is a type of malicious software (or malware) which allows someone to gain remote access to a targets device without the knowledge or consent of the device operator. This includes all of the data on it: messenger logs, photos, files, and contacts. It also gives the ability to conduct novel forms of real-time surveillance, for example, by accessing the devices microphone and cameras. This technique has been used by nation-states around the world to spy on journalists, dissidents, and minority groups.
Additionally, spyware allows governments to manipulate data on devices, including corrupting, planting, or deleting data, or recovering data that has been deleted, all while erasing any trace of the intrusion. There is a growing concern about law enforcement taking control of suspects' digital devices and tampering with their content.
The executive order arrived only days before revelations that the United States, which was previously thought to have steered clear of some of the most infamous foreign spyware products, actually had a contract to test and deploy the notorious Pegasus created by Israeli company NSO Group. The contract was signed under a fake name on November 8, 2021 between an organization that acts as a front for the U.S. government and an American affiliate of NSO group. Only...
04:00
Arizona State University Professors Work to Stabilize the Grid Pays Off IEEE Spectrum
Whenever new technologies are introduced into the power grid, theres always a chance they could disrupt the system, possibly even leading to blackouts.
Finding ways to deal with the impact on the grid caused by incorporating renewable energy has been the focus of Vijay Vittals research for nearly 20 years. He is a professor of power systems engineering in the Fulton program at Arizona State University, in Tempe.
The IEEE Life Fellow is credited with working out how best to isolate parts of the power grid to prevent the entire grid from going down.
He was part of an IEEE task force that in 2020 issued a report that described how equipment used for storing energy, transferring power over long distances, and integrating renewable energy could impact power system stability. The report recommended ways to characterize and define the problem.
Vijay Vittal
Employer
Arizona State University, in Tempe
Title
Regents professor of electrical, computer, and energy engineering
Member grade
Life Fellow
Alma mater
B.M.S. College of Engineering, in Bangalore
An article he cowrote that was based on the report received a 2022 IEEE Power & Energy Society Prize Paper Award.
The award was a welcome surprise, he says, though we thought the document turned out very well.
From synchronous machines to fast response power electronics
That article was an update of a 2004 article that Vittal coauthored as a member of a joint task force formed by the IEEE Power & Energy Society and CIGRE, an international association of power system professionals, headquartered in Paris.
03:57
Drivers in Europe Net Big Data Rights Win Against Uber and Ola SoylentNews
Drivers in Europe net big data rights win against Uber and Ola:
In a major win over opaque algorithmic management in the so-called gig economy an appeals court in the Netherlands has found largely in favor of platform workers litigating against ride-hailing giants Uber and Ola judging the platforms violated the drivers' rights in a number of instances, including when algorithms were involved in terminating driver accounts.
The court also ruled the platforms cannot rely on trade secrets exemptions to deny drivers access to their data. Although challenges remain for regional workers to use existing laws to get enough visibility into platforms' data processing to know what information to ask for to be able to meaningfully exercise their data access rights.
The appeal court rulings can be found here, here and here (in Dutch).
The appeal was brought by the not-for-profit data trust Worker Info Exchange (WIE) in support of members of the App Drivers & Couriers Union (ADCU) in the UK and a driver based in Portugal.
One case against Uber's robo-firings involved four drivers (three based in the UK, one in Portugal); a second case against Uber over data access involved six UK-based drivers; while a data access case against Ola involved thee UK-based drivers.
In the data access cases drivers were seeking information such as passenger ratings, fraud probability scores, earning profiles, as well as data on the allocation of journeys to drivers including Uber's batch matching and upfront pricing systems as well as information about the existence of automated decision-making touching their work on the platforms.
Several decisions taken by the ride-hailing platforms were found to meet the relevant legal test of automated decision-making including assigning rides; calculating prices; rating drivers; calculating 'fraud probability scores'; and deactivating drivers' accounts in response to suspicions of fraud meaning drivers are entitled to information on the underlying logic of these decisions. (And also to a right to meaningful human review if they object to decisions.)
Read more of this story at SoylentNews.
03:17
Links 11/04/2023: FreeBSD 13.2 is Out and Alyssa Rosenzweig Leaves Collabora Techrights
Contents
- GNU/Linux
- Distributions and Operating Systems
- Free, Libre, and Open Source Software
- Leftovers
- Education
- Hardware
- Health/Nutrition/Agriculture
- Proprietary
- Security
- Defence/Aggression
- Transparency/Investigative Reporting
- Environment
- Finance
- AstroTurf/Lobbying/Politics
- Censorship/Free Speech
- Freedom of Information / Freedom of the Press
- Civil Rights/Policing
- Internet Policy/Net Neutrality
- Monopolies
-
GNU/Linux
-
Audiocasts/Shows
-
WordPress WP Briefing:...
-
-
03:14
Major Hack Hits South Korean Exchange GDAC, $13.9M Stolen HackRead | Latest Cybersecurity and Hacking News Site
By Waqas
The hack took place on April 9, 2023, in which hackers gained control of some of the exchange's hot wallets.
This is a post from HackRead.com Read the original post: Major Hack Hits South Korean Exchange GDAC, $13.9M Stolen
02:32
Strategy Reporting Essentials: A Guide to Efficient Data Collection HackRead | Latest Cybersecurity and Hacking News Site
By Owais Sultan
In the dynamic world of business, the ability to make data-driven decisions is essential for organizations seeking a
This is a post from HackRead.com Read the original post: Strategy Reporting Essentials: A Guide to Efficient Data Collection
02:30
Firefox 113 Beta Adds Animated AV1 Image Support Phoronix
With Firefox 112 now released, Mozilla has promoted Firefox 113 to beta...
02:00
AMD CPUs Are Safe For Late-Loading Microcode, Will No Longer Taint The Linux Kernel Phoronix
Intel processors should have any CPU microcode updates loaded early during the Linux boot process to avoid various known issues. When "late loading" CPU microcode after the system is up and running, various issues can happen on Intel processors that led them to mark the Linux kernel as tainted under such conditions. Tainting the kernel also happened when late-loading microcode on AMD CPUs but now that's been deemed unnecessary and late-loading CPU microcode on AMD processors is reportedly safe...
01:59
Helsinki Times Shows Disturbing Trend of News Sites Which Falsely Market Themselves to Readers Techrights
Who pays for these promotional buses/trains?
But what does the company actually do?
Summary: There are many so-called news sites that operate similarly but arent ever telling this to their audience (readers are the real product, sold to the real clients, who are the marketers and lobbyists); this silent takeover by Public Relations (PR) nonsense or even disinformation campaigns has become rampant in todays World Wide Web; the Linux Foundation funds some of these sites
01:46
The latest release of FreeBSD, version 13.2, has been released. It contains lots of package upgrades including to OpenSSH 9.2p1, OpenSSL 1.1.1t, and OpenZFS 2.1.9. Other new features include upgrading the bhyve hypervisor to now support more than 16 virtual CPUs in a guest, a WireGuard VPN driver, netlink for network configuration, and lots more. See the release notes for more information.
01:45
MIT Technology Review is Running SPAM for Microsoft and Azure (Distracting From Mass Layoffs) Techrights
Two months ago: MIT Technology Review is Run by Microsoft India
This week:
Summary: Over the past couple of months MIT Technology Review ran endless Microsoft puff pieces (weve attempted never to link to them; this was a daily occurrence, sometimes the majority of all new content), but the sponsorship isnt so easy to hide anymore and it brings us back to the days MIT took bribes from Bill Gates via his close friend Jeffrey Epstein
01:30
It isnt WebAssembly, but it is Assembly in Your Browser Hackaday
You might think assembly language on a PC is passe. After all, we have a host of efficient high-level languages and plenty of resources. But there are times you want to use assembly for some reason. Even if you dont, the art of writing assembly language is very satisfying for some people like an intricate logic puzzle. Getting your assembly language fix on a microcontroller is usually pretty simple, but on a PC there are a lot of hoops to jump. So why not use your browser? Thats the point of this snazzy 8086 assembler and emulator that runs in your browser. Actually, it is not native to the browser, but thanks to WebAssembly, it works fine there, too.
No need to set up strange operating system environments or link to an executable file format. Just write some code, watch it run, and examine all the resulting registers. You can do things using BIOS interrupts, though, so if you want to write to the screen or whatnot, you can do that, too.
The emulation isnt very fast, but if you are single-stepping or watching, thats not a bad thing. It does mean you may want to adjust your timing loops, though. We didnt test our theory, but we expect this is only real mode 8086 emulation because we dont see any protected mode registers. Thats not a problem, though. For a learning tool, youd probably want to stick with real mode, anyway. The...
01:28
Mesa 23.1 RADV Change Leads To ~60% Smaller Single File Disk Cache Phoronix
For those making use of Mesa's single-file on-disk shader cache, with the upcoming Mesa 23.1 release there will be increased space savings with the Radeon Vulkan (RADV) driver...
01:22
Paul Thomas Anderson: Masterworks Lifeboat News: The Blog
An illustrated mid-career monograph exploring the 30-year creative journey of the 8-time Academy Award-nominated writer and director
Paul Thomas Anderson has been described as one of American films modern masters and the foremost filmmaking talent of his generation. Andersons lms have received 25 Academy Award nominations, and he has worked closely with many of the most accomplished actors of our time, including Lesley Ann Manville, Julianne Moore, Daniel Day-Lewis, Joaquin Phoenix, and Philip Seymour Homan. In Paul Thomas Anderson: Masterworks, Andersons entire careerfrom Hard Eight (1996), Boogie Nights (1997), Magnolia (1999), Punch Drunk Love (2002), There Will Be Blood (2007), The Master (2012), Inherent Vice (2014), and Phantom Thread (2017) to his music videos for Radiohead to his early short lmsis examined in illustrated detail for the rst time.
Andersons inuences, his style, and the recurring themes of alienation, reinvention, ambition, and destiny that course through his movies are analyzed and supplemented by rsthand interviews with Andersons closest collaboratorsincluding producer JoAnne Sellar, actor Vicky Krieps, and composer Jonny Greenwoodand illuminated by lm stills, archival photos, original illustrations, and an appropriately psychedelic design aesthetic. Masterworks is a tribute to the dreamers, drifters, and evil dentists who populate his world.
01:22
Jeff Bezos is looking to defy death. This is what we know about the science of aging Lifeboat News: The Blog
Never listen to anyone who says the big questions have already been answered. We still have plenty to learn about extending our lifespans.
01:19
Automotive Radar Object Simulation for Validation IEEE Spectrum
This is a sponsored article brought to you by Rohde & Schwarz.
Homologation and validation of new vehicle models today require millions of test kilometers to be driven under different environmental conditions, on different types of roads in various countries around the world.
Due to the increased complexity of automated driving (AD) and
advanced driver-assistance systems (ADAS) functions, and new
developments in radar technology, testing efforts expand very
quickly. Just relying on road testing is no longer
practical.
The Rohde & Schwarz radar test system opens a completely new field of possibilities for testing radar-based ADAS and AD features to ensure correct operation in hardware-in-the-loop (HiL) and vehicle-in-the-loop (ViL) testbeds.
In addition, scenario testing of autonomous driving functions on the public roads can be dangerous, and under conditions that are not easily reproducible.
As a result, hardware-in-the-loop (HiL) and vehicle-in-the-loop (ViL) scenario testing of automotive radar is gaining importance.
Your challenges:
- End-to-end verification, validation, calibration or homologation of AD/ADAS functions at component and full-vehicle level
- Reproducing complex traffic scenarios, automotive radar object simulation over-the-air
- Ensuring the radar target generation test equipment is scalable and has the technical specifications to cover the increasing number of targets, and future complex scenarios
- Meeting the increased test-complexity requirements of ADAS target simulation while minimizing costs and accelerating time-to-market
RTS features:
- Automotive radar target simulator for driving scenario testing that can be easily defined and executed with the highest reproducibility
- Complex automotive radar object simulations including multiple sensors, over-the-air
- Increased accuracy and repeatability from fully-electronic antenna arrays
- Fully scalable, covering all use cases from R&D to production, easily upgradable to cover future requirements
01:12
Combined Review and Tutorial Around the RUT-240 SoylentNews
Routing 4G cellular data to a BSD network using bridge mode on the RUT-240:
The RUT-240 from Teltonika networks is a small and fairly inexpensive 4G router which is commonly used to provide internet connectivity for remote devices that are either in locations without regular fixed-line broadband, or where high availability is required. Think smart meters, monitoring systems, and so on.
In the case of high availability, the RUT-240 is connected in line with a conventional internet router, and it's own cellular connection is only used when a lack of connectivity is detected. Both of these configurations often involve the use of a special SIM card, to which the cellular operator has provisioned a static, public IP address, thus allowing inbound connections to the connected remote devices, (as well as access to the router itself for configuration and admin purposes).
[...T]oday we're going to use our RUT-240 for a completely different purpose. No special SIM required, and we're not going to be travelling out in to the wilds either. Just a regular pre-paid SIM, and the normal office surroundings.
Instead, we'll be exploring the use of this router as a backup connection for an existing OpenBSD-based router, or even - within limits - as a replacement for fixed line broadband. This latter option might make sense on a short term basis in a new office that hasn't been fully connected yet, or in a temporary office in an awkward location where DSL or fibre isn't available. Attending a conference, but all the decent hotels are fully booked? Stuck on a boat in dry dock? Not a problem!
Read more of this story at SoylentNews.
00:46
Whole Foods Closes Flagship San Francisco Store Due To Employee Safety Concerns cryptogon.com
Via: ZeroHedge: Its yet another story of a major company leaving a U.S. city: this time, its a Whole Foods in San Francisco that is closing after barely being open for a year. The location in question is a 64,000 flagship Whole Foods store that you just know the company wouldnt be closing down unless []
00:37
Uranus: Diamond Rain, Bright Rings Centauri Dreams Imagining and Planning Interstellar Exploration
Thinking about the ice giants, as I have been doing recently in our look at fast mission concepts, reminds me of the diamond rain notion that has grown out of research into experiments with the temperatures and pressures found inside worlds like Uranus and Neptune. The concept isnt new, but I noted some months ago that scientists at the Department of Energys SLAC National Accelerator Laboratory had been studying diamond formation in such worlds in the presence of oxygen. Oxygen, it turns out, makes it more likely that diamonds form that may grow to extreme sizes.
So let me turn back the clock for a moment to last fall, when news emerged about this exotic precipitation indicating that it may be more common than we had thought. Using a material called PET (polyethylene terephthalate), the SLAC researchers created shock waves within the material and analyzed the result with X-ray pulses. The scientists used PET because of its balance between carbon, hydrogen and oxygen, components more closely mimicking the chemical composition of Neptune and Uranus.
While earlier experiments had used a plastic material made from hydrogen and carbon, the addition of oxygen made the formation of diamonds more likely, and apparently allowed them to grow at lower temperatures and pressures than previously thought possible. The team, led by Dominik Kraus (SLAC/University of Rostock), suggests that such diamonds under actual ice giant conditions might reach millions of carats in weight, forming a layer around the planetary core. Silvia Pandolfi, a SLAC scientist involved in this work, was quoted in a SLAC news release last September:
We know that Earths core is predominantly made of iron, but many experiments are still investigating how the presence of lighter elements can change the conditions of melting and phase transitions. Our experiment demonstrates how these elements can change the conditions in which diamonds are forming on ice giants. If we want to accurately model planets, then we need to get as close as we can to the actual composition of the planetary interior.
Image: Studying a material that even more closely resembles the composition of ice giants, researchers found that oxygen boost...
00:22
Mexico Battles U.S. Government and Mr. Monsanto to Protect Food Sovereignty cryptogon.com
Via: The Last American Vagabond: Despite legal threats from the U.S. government, Mexicos government plans to go forward with a partial ban on imports of genetically modified corn. On Wednesday Mexicos National Council for Science and Technology (CONACYT) hosted an online webinar laying out the science behind the nations decision to ban imports of Genetically []
00:20
CVE-2023-30465: Apache InLong: SQL injection in apache inLong 1.5.0 Open Source Security
Posted by Charles Zhang on Apr 11
Severity: importantDescription:
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software
Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.5.0. By manipulating the "orderType"
parameter and the ordering of the returned content using an SQL injection attack, an attacker can extract the username
of the user with ID 1 from the...
00:16
A draft Rust trademark policy LWN.net
A draft updated trademark policy for the Rust language is being circulated for comments. It is not a short read.
RS can be used freely and without permission to indicate that software or a project is derived from or based on Rust, compatible with Rust, inspired by Rust, or can be used for the same purpose as Rust. We recommend using RS instead of Rust if you have any concerns about your use falling outside of this policy, for example, naming your crate foo-rs instead of rust-foo.
Some discussion can be found in this Reddit post.
00:16
Yum! Brands, the owner of KFC, Taco Bell and Pizza Hut, discloses data breach Security Affairs
Yum! Brands, the company that owns the KFC, Pizza Hut, and Taco Bell brands, disclosed a data breach after the January ransomware attack.
On January 13, 2023, Yum! Brands suffered a cyberattack that forced the company to take its systems offline closing roughly 300 restaurants in the UK for one day.
Now the company, which owns the KFC, Pizza Hut, and Taco Bell brands, disclosed a data breach and revealed that ransomware actors have stolen personally identifiable information (PII) of an unspecified number of individuals.
The data breach notification letter sent to potentially impacted individuals states that personal information was exposed, including names, drivers license numbers, Non-Driver Identification Card Number, and other types of personal identifiers.
Yum! Brands pointed out that they have no evidence of identity theft or fraud involving exposed data.
As we announced publicly in mid-January, Yum! experienced a cybersecurity incident involving unauthorized access to certain of our systems on or around January 13, 2023. Upon discovery, we took steps to lock down impacted systems, notified federal law enforcement authorities, worked with leading digital forensics and restoration teams to investigate and recover from the incident, and deployed enhanced 24/7 detection and monitoring technology. reads the data breach notification letter. Our review determined that the exposed files contained some of your personal information.
The company investigated the security breach with the help of third-party cybersecurity experts, to identify the scope of the incident.
At this time, Yum! Brands has yet to determine the exact number of impacted individuals.
The company is also providing complimentary credit monitoring and identity protection services for two years via IDX.
Please vote for Security Affairs (https://securityaffairs.com/) as
the best European Cybersecurity Blogger Awards 2022 VOTE FOR YOUR
WINNERS
Vote for me in the sections:
- The Teacher Most Educational Blog
- The Entertainer Most Entertaining Blog
- The Tech Whizz Best Technical Blog
- Best Social Media Account to Follow (@securityaffairs)
Please nominate Security Affairs as your favorite blog.
Nominate here: ...
00:15
Estonian Arrested: Accused of Supplying Hacking Tools to Russia HackRead | Latest Cybersecurity and Hacking News Site
Shevlyakov obtained delicate electronic equipment from American manufacturers for the use of Russian end-users, such as defence contractors and other government agencies
This is a post from HackRead.com Read the original post: Estonian Arrested: Accused of Supplying Hacking Tools to Russia
00:12
Neil deGrasse Tyson Melts Down on The Highwire cryptogon.com
Its difficult to watch, but Tysons spectacular self immolation does produce warm, glowing schadenfreude. Via: Peak Prosperity: Related: Neil deGrasse Tyson on The Highwire
00:00
A Miniature MNT For Every Pocket Hackaday
Last time Hackaday went hands on with a product from German company MNT, it was the Reform laptop; a full size computer with a full feature set and fully open source design. Now theyre back with the same value proposition and feature set crammed into a much more adorable (and colorful!) package with the MNT Pocket Reform. If you want the big Reforms open source philosophy in a body fit for a coat pocket, this might be the computing device for you.
To refresh your memory, MNT is a company that specializes in open source hardware and the software to support it. They are probably best known for the Reform, their first laptop. Its marquis feature is a fully open design, from the mechanical components (designed with OSS tools) to the PCBAs (designed with KiCad) to the software (designed with, uh, software). When originally shipped that product packed a DIMM-style System On Module (SOM) with a default configuration containing a quad core NXP i.MX8M Quad and 4GB of RAM, as well as mini PCIe Card and M key m.2 2280 slots on the motherboard for storage and connectivity. That computer was designed to be easily serviceable and included a plethora of full sized ports along with easy to source cylindrical battery cells. The Pocket Reform takes the same intent and channels it into a much smaller package.
Speeds and Feeds
Tuesday, 11 April
23:55
BigIDs data minimization capabilities enable organizations to identify duplicate data Help Net Security
BigID launched ML-powered solution for finding duplicate and similar data content. The innovative technology uses AI to locate both similar and duplicate data on any data set, enabling organizations to identify duplicate data as well as redundant, obsolete, or trivial (ROT) data. These transformative capabilities mean that organizations can reduce their storage cost, accelerate compliance, and improve cybersecurity across their environment. Duplicate and redundant data are a treasure trove for cybercriminals exponentially increasing the More
The post BigIDs data minimization capabilities enable organizations to identify duplicate data appeared first on Help Net Security.
23:54
Beware of companies offering paid sextortion assistance Help Net Security
Sextortion victims are already in a vulnerable position, and shady companies are taking advantage of this vulnerability to offer sextortion assistance services for huge sums services that they may be unable to render or that wont help the victims in any way. The rise of the sextortion assistance scam In December, 2022, the FBI warned about the increasing number of sextortion attacks against children and teens. Over 7,000 cases of online financial sextortion of More
The post Beware of companies offering paid sextortion assistance appeared first on Help Net Security.
23:51
And Now Gavin Newsom Might Run for President [???] cryptogon.com
Mmm hmm. Via: Fox:
23:41
Security updates for Tuesday LWN.net
Security updates have been issued by Debian (keepalived and lldpd), Oracle (kernel), and SUSE (kernel, podman, seamonkey, and upx).
23:25
ThreatX Runtime API & Application Protection goes beyond basic observability Help Net Security
ThreatX has unveiled ThreatX Runtime API & Application Protection (RAAP). This patent-pending capability goes beyond basic observability to extend threat detection, tracking and blocking to customers runtime environments, without slowing developers or requiring expertise in cloud-native applications. As organizations transition apps and workloads to the cloud, often across multi-cloud environments, attackers seek new ways to access sensitive data. While the Log4Shell vulnerability served as a wake-up call to runtime threats, shoring up these gaps is More
The post ThreatX Runtime API & Application Protection goes beyond basic observability appeared first on Help Net Security.
23:22
Could this folding buggy be destined for Chinas future lunar base? Lifeboat News: The Blog
The Cubic Emergency Lunar Vehicle of China can be folded and tucked into the back of a regular roving vehicle and when in use can travel up to 10km/h on the moons surface, say researchers.
23:01
How to upgrade Red Hat Ansible Automation Platform Linux.com
Consider the variables when planning and executing your AAP or Tower upgrade and learn what makes sense for your scenario.
Read More at Enable Sysadmin
The post How to upgrade Red Hat Ansible Automation Platform appeared first on Linux.com.
23:00
Newly Discovered "By-Design" Flaw in Microsoft Azure Could Expose Storage Accounts to Hackers The Hacker News
A "by-design flaw" uncovered in Microsoft Azure could be exploited by attackers to gain access to storage accounts, move laterally in the environment, and even execute remote code. "It is possible to abuse and leverage Microsoft Storage Accounts by manipulating Azure Functions to steal access-tokens of higher privilege identities, move laterally, potentially access critical business assets, and
22:50
Syxsense platform updates simplify endpoint security and management Help Net Security
Syxsense has released new updates to the Syxsense product suite designed to extend automated workflow capabilities, improve usability, and enhance overall platform security. Key to this release is the introduction of Cortex Sequences, which uses the power of automation to chain together workflows or playbooks, further enabling Syxsense customers to have intelligent endpoints that can simplify endpoint security and management. With todays complex digital infrastructure and cybersecurity landscape, organizations are increasingly relying on automation to More
The post Syxsense platform updates simplify endpoint security and management appeared first on Help Net Security.
22:42
CVE-2017-11164 - stack exhaustion in PCRE Open Source Security
Posted by Sevan Janiyan on Apr 11
Hi,CVE-2017-11164 landed some years back[1] for PCRE 8.x and is marked
up with a high base score on the article[2], yet no fix was ever listed
and is still commonly packaged, so I asked Philip Hazel (the PCRE
maintainer) regarding the issue, and this is what Philip said
"Stack exhaustion is a FEP (frequently encountered problem) in PCRE1
(the 8.xx series). There are various limiting options that the user can
apply to limit stack usage....
22:30
Intel Back To Working On Key Locker For Linux After Tackling Big Performance Issue Phoronix
Going back to 2020 Intel's open-source engineers have been working on Key Locker support for Linux for that hardware feature introduced with Tigerlake CPUs. The Key Locker Linux support has been worked on now for nearly three years and finally after a significant performance issue now being addressed with forthcoming firmware...
22:29
Cybercriminals Turn to Android Loaders on Dark Web to Evade Google Play Security The Hacker News
Malicious loader programs capable of trojanizing Android applications are being traded on the criminal underground for up to $20,000 as a way to evade Google Play Store defenses. "The most popular application categories to hide malware and unwanted software include cryptocurrency trackers, financial apps, QR-code scanners, and even dating apps," Kaspersky said in a new report based on messages
22:23
Now We Know How a Solar Storm Took Out a Fleet of Starlinks SoylentNews
Now We Know How a Solar Storm Took Out a Fleet of Starlinks:
On March 23rd, sky observers marvelled at a gorgeous display of northern and southern lights. It was reminder that when our Sun gets active, it can spark a phenomenon called "space weather." Aurorae are among the most benign effects of this phenomenon.
At the other end of the space weather spectrum are solar storms that can knock out satellites. The folks at Starlink found that out the hard way in February 2022. On January 29th that year, the Sun belched out a class M 1.1 flare and related coronal mass ejection. Material from the Sun traveled out on the solar wind and arrived at Earth a few days later. On February 3, Starlink launched a group of 49 satellites to an altitude only 130 miles above Earth's surface. They didn't last long, and now solar physicists know why.
A group of researchers from NASA Goddard Space Flight Center and the Catholic University of America took a closer look at the specifics of that storm. Their analysis identified a mass of plasma that impacted our planet's magnetosphere. The actual event was a halo coronal mass ejection from an active region in the northeast quadrant of the Sun.
The material traveled out at around 690 kilometers per second as a shock-driving magnetic cloud. Think of it as a long ropy mass of material writhing its way through space. As it traveled, it expanded and at solar-facing satellitesincluding STEREO-A, which took a direct hit from itmade observations. Eventually, the cloud smacked into Earth's magnetosphere creating a geomagnetic storm.
One of the side effects of space weather that can affect satellites is warming in a region called the "thermosphere". That increased the density of the upper atmosphere over a short amount of time and caused it to swell up. A denser atmosphere causes a phenomenon called "atmospheric drag". Essentially, the thicker atmosphere slows down anything moving through. It also heats things up.
Read more of this story at SoylentNews.
22:05
Links 11/04/2023: GNU Parted 3.6 and More Techrights
Contents
- GNU/Linux
- Distributions and Operating Systems
- Free, Libre, and Open Source Software
- Leftovers
- Gemini* and Gopher
-
GNU/Linux
-
Instructionals/Technical
-
21:42
[eBook] A Step-by-Step Guide to Cyber Risk Assessment The Hacker News
In today's perilous cyber risk landscape, CISOs and CIOs must defend their organizations against relentless cyber threats, including ransomware, phishing, attacks on infrastructure, supply chain breaches, malicious insiders, and much more. Yet at the same time, security leaders are also under tremendous pressure to reduce costs and invest wisely. One of the most effective ways for CISOs and
21:00
IBM Selectric Typewriters Finally Get DIY Typeballs Hackaday
IBMs Selectric line of typewriters were quite popular in the 1960s, thanks in part to an innovation called the typeball which allowed for easy font changes on a single machine. Unfortunately, as if often the case when specialized components are involved, its an idea that hasnt aged particularly well. The Selectric typewriters are now around 60 years old and since IBM isnt making replacement parts, those restoring these machines have had to get somewhat creative like using a 3D printer to build new typeballs.
21:00
AMD Phoenix Support Progressing For Coreboot, New Google Chromebook Added Phoronix
AMD and their partners continue working on bringing up Coreboot for the Ryzen Mobile 7040 Series "Phoenix" support for those very interesting forthcoming mobile processors with Zen 4 CPU cores and RDNA3 graphics...
20:49
Russia Launches Anti-VPN Scare Campaign to Support Its VPN Blocking TorrentFreak
VPN providers with any infrastructure in Russia have
experienced problems for years.
Todays bottom line for anonymizing privacy services is that they must comply with Russias site-blocking demands and open up themselves up to scrutiny. Since the alternative is to break the law and face the consequences, many providers have pulled out of Russia completely.
In the wake of Russias invasion of Ukraine in February 2022, telecoms watchdog Rozkomnadzor stepped up its campaign against search engines. Demands to delist hundreds of thousands of VPN-related URLs from search results run alongside questionable requests to remove other content.
Despite renewed crackdowns on VPNs and Tor, it seems likely that Russia understands that short of blocking everything, blocking every VPN service and thousands of apps that constantly surface is impossible. As such, other methods are being explored.
Anti-VPN Scare Campaign
Public Service Announcements (PSA) have been deployed to nudge citizens in the right direction on genuine issues of public welfare for decades. Theyre also used to direct behavior in a way that benefits governments and corporations while making it appear that the interests of citizens are paramount.
Currently being spread via social media, the general premise of Russias anti-VPN campaign is that since no VPN service can be trusted with users private data, using a VPN is worse for privacy than not using a VPN at all.
The campaign is the work of ROCIT, which describes itself as a public organization that unites active Internet users in Russia. Funded by the Ministry of Digital Development, Communications and Mass Media (Minkomsvyaz), ROCIT issues advice on piracy, net neutrality and other internet-related issues, in line with government policy.
Campaign Videos
PSA 1: Your Data Can Be Leaked Online Due to VPN
ROCIT advice: VPN services accumulate a huge amount of personal data, including information about bank cards and perso...
20:37
Apple released emergency updates to fix recently disclosed zero-day bugs on older devices Security Affairs
Apple released updates to backport patches addressing two actively exploited zero-day vulnerabilities in older iPhones, iPads, and Macs.
Apple has released emergency updates to backport security patches that address two actively exploited zero-day flaws also affecting older iPhones, iPads, and Macs.
On April 7, 2023, Apple has released emergency security updates to address two actively exploited zero-day vulnerabilities, tracked as CVE-2023-28205 and CVE-2023-28206, impacting iPhones, Macs, and iPads.
Impacted devices include:
- iPhone 8 and later,
- iPad Pro (all models),
- iPad Air 3rd generation and later,
- iPad 5th generation and later,
- iPad mini 5th generation and later,
- and Macs running macOS Ventura.
The zero-day CVE-2023-28205 is a use after free issue that resides in the WebKit, its exploitation may lead to arbitrary code execution. An attacker can trigger the flaw by tricking the victims into loading maliciously crafted web pages. The IT giant addressed the flaw with improved memory management.
The zero-day CVE-2023-28206 is an out-of-bounds write issue that resides in the IOSurfaceAccelerator. The company addressed the flaw with improved input validation.
Apple addressed the zero-day issue with the release of macOS Ventura 13.3.1, iOS 16.4.1, iPadOS 16.4.1, and Safari 16.4.1.
Both vulnerabilities were reported by Clment Lecigne of Googles Threat Analysis Group and Donncha Cearbhaill of Amnesty Internationals Security Lab.
On April 10, 2023, US Cybersecurity and Infrastructure Security Agency (CISA) added the two vulnerabilities to its Known Exploited Vulnerabilities catalog.
Today, Apple extended the security updates to the following devices with the release of iOS 15.7.5 and iPadOS 15.7.5, macOS Monterey 12.6.5, and macOS Big Sur 11.7.6:
- iPhone 6s (all models),
- iPhone 7 (all models),
- iPhone SE (1st generation),
- iPad Air 2,
- iPad mini (4th generation),
- iPod touch (7th generation),
- and Macs running macOS Monterey and Big Sur.
Please vote for Security Affairs (...
20:20
Lucky 13? AMD Pensando Elba SoC Linux Enablement Revised The 13th Time Phoronix
For more than one year and now up to thirteen rounds of patch review, the AMD Pensando Elba SoC support continues in its trek toward the mainline Linux kernel...
20:02
CentOS Reminds Everyone End-Of-Life Is Coming For CentOS Linux 7, CentOS Stream 8 Phoronix
The CentOS Project has sent out a reminder of end-of-life dates for CentOS Linux 7 and CentOS Stream 8...
19:43
FreeBSD 13.2 Released With WireGuard Driver, ASLR By Default For 64-bit Executables Phoronix
Following some minor delays due to additional release candidates, FreeBSD 13.2-RELEASE is now officially available as this latest FreeBSD operating system update ahead of FreeBSD 14.0 debuting this summer...
19:42
Apple rushes fixes for exploited zero-days in iPhones and Macs (CVE-2023-28205, CVE-2023-28206) Help Net Security
Apple has pushed out security updates that fix two actively exploited zero-day vulnerabilities (CVE-2023-28205, CVE-2023-28206) in macOS, iOS and iPadOS. Reported by researchers Clment Lecigne of Googles Threat Analysis Group (TAG) and Donncha Cearbhaill, the head of Amnesty Internationals Security Lab, the vulnerabilities have been exploited in tandem to achieve full device compromise with the likely (though not confirmed) goal to install spyware on target devices. About the vulnerabilities CVE-2023-28205 is a use More
The post Apple rushes fixes for exploited zero-days in iPhones and Macs (CVE-2023-28205, CVE-2023-28206) appeared first on Help Net Security.
19:34
No NGO Has Been Allowed to See Julian Assange Since Four Years Ago SoylentNews
Democracy Now has a brief interview with a representative from Reporters Without Borders (RSF) on their latest attempt to meet Julian Assange inside Belmarsh high-security prison in the UK. Despite being granted approval, the RSF secretary-general and executive director Christophe Deloire and the others with him were denied entry. No other non-governmental agency has been able to meet with Assange in the last four years either.
CHRISTOPHE DELOIRE: So, what happened is that in the past years we requested to be able to visit Julian in his jail. We got an approval recently, which was confirmed on March 21st with a number, an official number, for myself and my colleague, Rebecca Vincent, and we were invited to come to the prison.
And when we just arrived, the guy at the desk, when he saw my passport, he suddenly was very stressed, and that taking a paper on his office on his desk, and that read it, saying, "According to Article" I do not remember the number of the article, but according to this article, "you are not allowed to visit Julian Assange. This is a decision that has been made by the governor of the Belmarsh prison, based on intelligence that we had" I quote him "that you are journalists."
And it doesn't make sense at all, first, because, personally, I've been a journalist since 1996, and we were vetted, so it was never a mystery that I was a journalist, never a secret. Second, my colleague wasn't a journalist herself. And we came here not as journalists, but as representatives of an international NGO with a constitutive status in many international organizations. So it was really as Reporters Without Borders representatives, not as reporters covering the case. So, it doesn't make sense for this second reason. And there is a third reason for which it doesn't make sense, is that already two journalists, at least, have been able to visit him in jail in the past four years. So
Previously:
(2022) Biden
Faces Growing Pressure to Drop Charges Against Julian
Assange
(2022) Assange
Lawyers Sue CIA for Spying on Them
(2022) Julian
Assange's Extradition to the US Approved by UK Home
Secretary
(2021) Key
Witness in Assange Case Jailed in Iceland After Admitting to Lies
and Ongoing Crime Spree
(2019) Top
Assange Defense Account Suspended By Twitter
(2019)...
19:16
Cryptocurrency Stealer Malware Distributed via 13 NuGet Packages The Hacker News
Cybersecurity researchers have detailed the inner workings of the cryptocurrency stealer malware that was distributed via 13 malicious NuGet packages as part of a supply chain attack targeting .NET developers. The sophisticated typosquatting campaign, which was uncovered by JFrog late last month, impersonated legitimate packages to execute PowerShell code designed to retrieve a follow-on binary
18:38
BSD Release: FreeBSD 13.2 DistroWatch.com: News
Colin Percival has announced the release of FreeBSD 13.2, the that focuses on features, speed and stability: "The FreeBSD Release Engineering team is pleased to announce the availability of FreeBSD 13.2-RELEASE. This is the third release of the stable/13....
18:00
Retired Welding Robot Picks Up Side Hustle as CNC Router Hackaday
Who says you cant teach an old robot new tricks? Nobody, actually. That saying is about dogs. But it applies to robots too, at least judging by the way this late-90s industrial beast was put to use in a way it was never intended: as a giant CNC router.
The machine in question is an ABB IRB6400, a six-axis, floor-mounted industrial machine that had a long career welding at a Eurorail factory in Austria before [Brian Brocken] made its acquaintance. He procured the non-working machine no word on what he paid for it and moved the 2-ton paperweight into his shop, itself a non-trivial endeavor. After a good scrubbing, [Brian] tried to get the machine started up. An error prevented the robot controller from booting; luckily, theres a large community of ABB users, and [Brian] learned that one of the modules in the controller needed replacement.
After fixing that and swapping out the controllers long-dead backup batteries, plus replacing the original 1.44 MB floppy drive with a USB drive he was able to bring the machine back to life. Unfortunately, the limited amount of internal memory made it difficult to use for anything complicated, so [Brian] came up with...
17:49
A cyber attack hit the water controllers for irrigating fields in the Jordan Valley Security Affairs
A cyber attack paralyzed the water controllers for irrigating fields in the Jordan Valley that are operated by the Galil Sewage Corporation.
A cyberattack blocked several controllers for irrigating fields in the Jordan Valley. The systems operated by the Galil Sewage Corporation monitor the irrigation process and wastewater treatment in the Jordan Valley.
The company experts spent the entire day recovering the operations, at this time the source of the attack is still unclear.
The management for both major systems was pushing all of Sunday morning to work through the issue and bring the systems back into full operation. reported the Jerusalem Post.
Local authorities were aware of the risk of a cyberattack and informed farmers in the region. Some of the farmers disconnected their irrigation systems from the Internet and switched them to manual operation.
The National Cyber Organization warned of the risk of cyber attacks that anti-Israeli hackers can carry out against national infrastructure during the month of Ramadan.
During the last week, private and government organizations in Israel were hit by massive cyber attacks that were part of the #OPIsrael campaign launched by hacktivists against Israeli critical infrastructure.
In November 2022, Ariel Stern, a former Israeli Air Force captain, warned that the US and Israel are still unprepared to defeat a cyber attack against the water sector that could be orchestrated by enemy states like Iran.
Stern highlighted the dangers for providers of critical infrastructure and issued his warning following the ransomware attack that in august disrupted the IT operations of South Staffordshire Water, a UK company supplying drinking water to 1.6M consumers daily.
The intelligence officer pointed out that nations like Russia, Iran, North Korea, and China have the capabilities to hit the water sector with dramatic consequences.
Please vote for Security Affairs (https://securityaffairs.com/) as
the best European Cybersecurity Blogger Awards 2022 VOTE FOR YOUR
WINNERS
Vote for me in the sections:
- The Teacher Most Educational Blog
- The Entertainer Most...
17:01
IRC Proceedings: Monday, April 10, 2023 Techrights
Also available via the Gemini protocol at:
- gemini://gemini.techrights.org/irc-gmi/irc-log-techrights-100423.gmi
- gemini://gemini.techrights.org/irc-gmi/irc-log-100423.gmi
- gemini://gemini.techrights.org/irc-gmi/irc-log-social-100423.gmi
- gemini://gemini.techrights.org/irc-gmi/irc-log-techbytes-100423.gmi
Over HTTP:
|
|
|
|
|
|
|
|
|
|
... |
17:00
COVID Vaccine SheddingCanaries in the Mine Terra Forming Terra
We are getting various related effects that we do not expect and
whose biological pathways are obscure. They are at least rare
enough. Still seriously unwelcome to encounter.
The Shroud of Turin: Myth or Miracle? Terra Forming Terra
An Introduction to the Book of John Terra Forming Terra
16:53
Sirius Open Source: Secrets, NDAs, Bullying, and Threats schestowitz.com
Video
download link | md5sum
819584aa5aa6510b785e6a76e1fcbbf7
Sirius Victims Out the Woodwork
Creative Commons Attribution-No Derivative Works 4.0
Summary: Were learning or becoming informed of some more crimes of Sirius Open Source (a company we left over 4 months ago); the video above explains that the company or its boosters (maybe shills) resort to intimidation tactics and threats (familiar tactics), having not just lost key staff (including the CEO) but also found itself unable to recruit
NOW that people are speaking out about what the company did to them even a decade ago I thought Id mention a bunch of old stories about what the company did to staff, clients, and suppliers.
The company may not last much longer (maybe weeks or months), pension providers have resorted to stalling tactics and lies (covering their own behinds), but we need to properly explain what happened, more so after Bill Gates had passed some money to the CEO under an NDA.
Whether Sirius was sabotaged or simply sabotaged itself is something for historians to decide. NDAs make its exceptionally hard to figure out what really happened.
16:49
Sirius Open Source Unopened: History of Threatening People and Intimidating Critics Was Always a Bad Strategy Techrights
Video
download link | md5sum
819584aa5aa6510b785e6a76e1fcbbf7
Sirius Victims Out the Woodwork
Creative Commons Attribution-No Derivative Works 4.0
Summary: Were learning or becoming informed of some more crimes of Sirius Open Source (a company we left over 4 months ago); the video above explains that the company or its boosters (maybe shills) resort to intimidation tactics and threats (familiar tactics), having not just lost key staff (including the CEO) but also found itself unable to recruit
NOW that people are speaking out about what the company did to them even a decade ago I thought Id mention a bunch of old stories about what the company did to staff, clients, and suppliers.
Whether Sirius was sabotaged or simply sabotaged itself is something for historians to decide.The company may not last much longer (maybe weeks or months), pension providers have resorted to stalling tactics and lies (covering their own behinds), but we need to properly explain what happened, more so after Bill Gates had passed some money to the CEO under an NDA.
Whether Sirius was sabotaged or simply sabotaged itself is something for historians...
16:48
Inside the Bitter Campus Privacy Battle Over Smart Building Sensors SoylentNews
Inside the bitter campus privacy battle over smart building sensors:
"The initial step was to ... see how these things behave," says Herbsleb, comparing the Mites sensors to motion detectors that people might want to test out. "It's purely just, 'How well does it work as a motion detector?' And, you know, nobody's asked to consent. It's just trying out a piece of hardware."
Of course, the system's advanced capabilities meant that Mites were not just motion detectorsand other department members saw things differently. "It's a lot to ask of people to have a sensor with a microphone that is running in their office," says Jonathan Aldrich, a computer science professor, even if "I trust my coworkers as a general principle and I believe they deserve that trust." He adds, "Trusting someone to be a good colleague is not the same as giving them a key to your office or having them install something in your office that can record private things." Allowing someone else to control a microphone in your office, he says, is "very much like giving someone else a key."
As the debate built over the next year, it pitted students against their advisors and academic heroes as wellalthough many objected in private, fearing the consequences of speaking out against a well-funded, university-backed project.
In the video recording of the town hall obtained by MIT Technology Review, attendees asked how researchers planned to notify building occupants and visitors about data collection. Jessica Colnago, then a PhD student, was concerned about how the Mites' mere presence would affect studies she was conducting on privacy. "As a privacy researcher, I would feel morally obligated to tell my participant about the technology in the room," she said in the meeting. While "we are all colleagues here" and "trust each other," she added, "outside participants might not."
Read more of this story at SoylentNews.
15:13
[Meme] More Money in McDonalds Than in Sirius Open Source Techrights
Sirius managers could not even get their grammar right. Sometimes they did not even pay the salary!
Summary: In 2023 Sirius Open Source wishes to pay GNU/Linux engineers as little as 20,000 pounds a year for an overnight job, including weekends and holidays, while secretly robbing them some more (and comparing them to monkeys); for comparisons sake, a McDonalds salary for Assistant Manager in the UK (daytime only, holidays taken off work) is higher than this. Remember that the company bags millions of pounds from public sector clients (taxpayers money) while bagging secret money from a corrupt oligarch under an NDA.
15:00
Your Multimeter Might Be Lying To You Hackaday
Multimeters are indispensable tools when working on electronics. Its almost impossible to build any but the most basic of circuits without one to test and troubleshoot potential issues, and they make possible a large array of measurement capabilities that are not easily performed otherwise. But when things start getting a little more complex its important to know their limitations, specifically around what they will tell you about circuits designed for high frequency. [watersstanton] explains in this video while troubleshooting an antenna circuit for ham radio.
The issue that often confuses people new to radio or other high-frequency projects revolves around the continuity testing function found on most multimeters. While useful for testing wiring and making sure connections are solid, they typically only test using DC. When applying AC to the same circuits, inductors start to offer higher impedance and capacitors lower impedance, up to the point that they become open and short circuits respectively. The same happens to transformers, but can also most antennas which often look like short circuits to ground at DC but can offer just enough impedance at their designed frequency to efficiently resonate and send out radio waves.
This can give some confusing readings, such as when testing...
15:00
Why its time to move towards a passwordless future Help Net Security
Adversaries dont need to use sophisticated methods to gain access to enterprise systems or to deploy ransomware they can just buy or steal credentials and log in. By burdening users with the near-impossible task of maintaining secure passwords, businesses ultimately give people a huge and unfair level of responsibility for security. As a result, many organizations are relying on what amounts to a roll of the dice to protect themselves and their customers from More
The post Why its time to move towards a passwordless future appeared first on Help Net Security.
14:46
On the Client Side, Linux Has Become Market Majority Techrights
Video download link |
md5sum b63a0c2d67b877a3efe281a8e187a103
GNU and Linux Rising
Creative Commons Attribution-No Derivative Works 4.0
Summary: If one counts Android as Linux, then its probably fair to say that nowadays most people already use Linux on the client side (the server side has been prominently GNU/Linux for a very long time) and if one counts Chrome OS as GNU/Linux (technically it is), then it seems reasonable to expect 10% market share by years end or some time next year
HOURS AGO we said that Windows Market Share is down From 80% to 26% in a Single Decade and nowadays Microsoft does not know how to stop this trend. Microsoft is the boy who cried "http://techrights.org/2023/04/02/saying-no-to-fentanylware/" title="Why Techrights Condones Fentanylware (TikTok) Ban and Suggests Extending Bans to Supposedly Good Fentanyl">FOMO tactics).
Android and Chrome OS are not freedom and weeks ago Richard Stallman told me that focusing on the need to replace Microsoft will (in his experience) lead to more people adopting Apple instead of GNU/Linux.The video above contains commentary about recent events/developments before discussing the growth of GNU/Linux, based on new data (for this month). At this point in time it makes sense to talk about Software Freedom, not just GNU/Linux. Android and Chrome OS are not freedom and weeks ago Richard Stallman told me that focusing on the need to replace Microsoft will (in his experience) lead to more people adopting Apple instead of GNU/Linux. While its true that Apple has serious issues right now (layoffs and sales slump), it does seem like some losses for Windows result in (or mean) gains for Apple. So lets focus on Software Freedom (the concept), not just brands.
14:30
Making risk-based decisions in a rapidly changing cyber climate Help Net Security
Nicole Darden Ford is Global VP & CISO at Rockwell Automation. As the companys cybersecurity leader, Nicole is entrusted to protect enterprise IT assets with scalable, future-ready platforms that enable the business. In addition to building cybersecurity programs for organizations across industries, including manufacturing, healthcare, and legal, Nicole has helped position two enterprises for IPOs. In this Help Net Security interview, Nicole reveals the three key indicators she uses to assess an industrial organizations cybersecurity More
The post Making risk-based decisions in a rapidly changing cyber climate appeared first on Help Net Security.
14:29
Running Techrights in 2023 Techrights
Summary: Weve evolved a lot this year; in 2022 I left my job at Sirius Open Source (turned out they had stolen money from me and from others) and as a result weve had a lot more capacity to expand and grow in reach
Just over a year ago I moved to another space in order to get my activism/reporting done. The photograph above is from the end of March in 2022 (compare to 2021), so a lot has changed (for the better) since then. Yesterday I made a lot of significant changes, including the addition of 3 large speakers Ive has since the early 1990s (they all still work; the same is true for my radio/alarm/clock) and today, after Easter, we resume as normal. We have much better tools, custom-made programs, to help us keep on top of news and to run all the services 24/7. A lot of the screens shown above are used for monitoring and communication.
We have much better tools,
custom-made programs, to help us keep on top of news and to run all
the services 24/7.Aside from that, yesterday we moved the
Gemini server, which is basically a Raspberry Pi that doubles up as a Web proxy and various
other things*. It used
to be on top of a shelf, but now its in the living room,
connected over Ethernet to a fibre-optic router, installed here
just over 2 months ago. We continue to make improvements to the
site, to the capsule, to IRC, IPFS and so on. We push as many of
these changes as possible/sensible to Git for transparencys sake (and
sharing).
____
* This month weve served over
120,000 Gemini pages in 10 days and about 30,000 Gemini pages
as HTML (over our own proxy). Gemini is strategic to us. We hope it
is the future.
14:00
How to transform cybersecurity learning and make content more engaging Help Net Security
While applications like Slack and Teams have transformed how we collaborate and communicate, cybersecurity training has not kept pace with these advancements. Most security training is still being delivered through web-based learning management systems, according to CybSafe. Often, important security information gets lost in the noise. Only half of the workers interviewed paid attention to emailed content. Furthermore, 20% of employees said they could not remember or find relevant cybersecurity information. In this Help Net More
The post How to transform cybersecurity learning and make content more engaging appeared first on Help Net Security.
13:38
Google is Dead, Say Microsoft Pundits, But Despite the Chatbot and Hype (and Amid Bing Layoffs) Bing Share Falls From 3.6% to 2.6% in a Matter of 6 Months Techrights
Summary: Over the past few months Microsoft-sponsored media kept saying that Google was doomed because of some chaffbot (smokescreen, vapourware or chaff amid Microsoft layoffs, including many in Bing), but judging by the actual data Bing is down from 3.6% to 2.6% (it lost about 30% of its relative share in only 6 months)
13:30
Criminal businesses adopt corporate behavior as they grow Help Net Security
As criminal groups increase in size, they adopt corporate-like behavior, but this shift brings about its own set of challenges and costs, according to Trend Micro. The criminal underground is rapidly professionalizing with groups beginning to mimic legitimate businesses that grow in complexity as their membership and revenue increases. However, larger cybercrime organizations can be harder to manage and have more office politics, poor performers, and trust issues. This report highlights to investigators the More
The post Criminal businesses adopt corporate behavior as they grow appeared first on Help Net Security.
13:23
A widow is accusing an AI chatbot of being a reason her husband killed himself Lifeboat News: The Blog
A chatbot supposedly encouraged someone to kill himself. And he did.
The company behind the Eliza chatbot says its put a new safety feature in place after hearing about this sad case.
13:23
Tesla is about to launch a big new software update with new features and UI upgrades Lifeboat News: The Blog
Tesla is about to launch a big new software update that includes a few new features and a lot of user interface upgrades.
As a Tesla owner, its always a good day to get a notification that a new software update is available. You start wondering what new features or improvements you are getting that day.
Well, now we have a good preview of the next Tesla software update as Teslascope (a service that tracks Tesla software updates) found out about a new update that the automaker is pushing to employee vehicles, which generally means it will be coming soon to the customer fleet as well.
13:22
Homologous pairing in short double-stranded DNA-grafted colloidal microspheres Lifeboat News: The Blog
Homologous pairing (HP), i.e., the pairing of similar or identical double-stranded DNA, is an insufficiently understood fundamental biological process. HP is now understood to also occur without protein mediation, but crucial mechanistic details remain poorly established. Unfortunately, systematic studies of sequence dependence are not practical due to the enormous number of nucleotide permutations and multiple possible conformations involved in existing biophysical strategies even when using as few as 150 basepairs. Here, we show that HP can occur in DNA as short as 18 basepairs in a colloidal microparticle-based system. Exemplary systematic studies include resolving opposing reports of the impact of % AT composition, validating the impact of nucleotide order and triplet framework and revealing isotropic bendability to be crucial for HP. These studies are enabled by statistical analysis of crystal size and fraction within coexisting fluid-crystal phases of double-stranded DNA-grafted colloidal microspheres, where crystallization is predicated by HP.
13:00
Consumers take data control into their own hands amid rising privacy concerns Help Net Security
Data Subject Requests (DSRs), which are formal requests made by individuals to access, modify, or delete their personal data held by a company, increased by 72% from 2021 to 2022. The increase was primarily driven by deletion and access requests, according to DataGrail. In fact, the number of deletion requests more than doubled while access requests grew fivefold. These numbers will continue to increase as new data privacy laws, like those in Virginia and Colorado, More
The post Consumers take data control into their own hands amid rising privacy concerns appeared first on Help Net Security.
12:05
Scientists Create an Eco-friendly Paint That Mimics Nature SoylentNews
An energy-saving coating needs no pigments, and it keeps the surface beneath it 30 degrees cooler:
Color surrounds us in nature, and we re-create it with pigments. You can think of pigments as pulverized minerals, heavy metals, or chemicals that we swish into oil and spread over a canvas or car: Cobalt becomes blue; ochre red; cadmium yellow. "But nature has a very different way of creating color than we do," Chanda says. Some of nature's most vivid looksthe kind worn by peacocks, beetles, and butterfliesdo their thing without pigment.
Those colors come from topography. Submicroscopic landscapes on the outer surfaces of peacock feathers, beetle shells, and butterfly wings diffract light to produce what's known as structural color. It's longer-lasting and pigment-free. And to scientists, it's the key to creating paint that is not only better for the planet but might also help us live in a hotter world.
In a paper published this month in Science Advances, Chanda's lab demonstrated a first-of-its-kind paint based on structural color. They think it's the lightest paint in the worldand they mean that both in terms of weight and temperature. The paint consists of tiny aluminum flakes dotted with even tinier aluminum nanoparticles. A raisin's worth of the stuff could cover both the front and back of a door. It's lightweight enough to potentially cut fuel usage in planes and cars that are coated with it. It doesn't trap heat from sunlight like pigments do, and its constituents are less toxic than paints made with heavy metals like cadmium and cobalt.
Read more of this story at SoylentNews.
12:00
The Hello World of GPT? Hackaday
Someone wants to learn about Arduino programming. Do you suggest they blink an LED first? Or should they go straight for a 3D laser scanner with galvos, a time-of-flight sensor, and multiple networking options? Most of us need to start with the blinking light and move forward from there. So what if you want to learn about the latest wave of GPT generative pre-trained transformer programs? Do you start with a language model that looks at thousands of possible tokens in large contexts? Or should you start with something simple? We think you should start simple, and [Andrej Karpathy] agrees. He has a workbook that makes a tiny GPT that can predict the next bit in a sequence. It isnt any more practical than a blinking LED, but it is a manageable place to start.
The simple example starts with a vocabulary of two. In other words, characters are 1 or 0. It also uses a context size of 3, so it will look at 3 bits and use that to infer the 4th bit. To further simplify things, the examples assume you will always get a fixed-size sequence of tokens, in this case, eight tokens. Then it builds a little from there.
The notebook uses PyTorch to create a GPT, but since you dont need to understand those details, the code is all collapsed. You can, of course, expand it and see it, but at first, you should probably just assume it works and continue the exercise. You do need to run each block of code in sequence, even if it i...
11:30
Links 10/04/2023: OpenBSD 7.3 and 4MLinux 42 Techrights
Contents
-
GNU/Linux
-
Desktop/Laptop
-
Liliputing PlanetPC XR mini PC dramatically fails to meet crowdfunding goals (Linux PC with ARM-based processor and integrated touch panel) Liliputing
The PlanetPC XR Series is a compact desktop computer with an ARM-based processor, Ubuntu Linux software, plenty of ports and storage options. Theres also an unusual touch panel on the front that can be used to control some of the PCs functions or display information.
Theres just one catch: it...
-
-
11:29
SoftwareQinc/staq: A full-stack quantum processing toolkit Lifeboat News: The Blog
A full-stack quantum processing toolkit. Contribute to softwareQinc/staq development by creating an account on GitHub.
11:29
What Is The Price of a Quantum Computer In 2023? Lifeboat News: The Blog
Many experts in the industry predict the cost of quantum computing hardware will continue to decrease over time as the technology advances, making it more accessible to a broader range of businesses and organizations. In a recent talk, the CTO of the CIA Nand Mulchandani noted that the quantum industry is still very early and unit costs are still very high, as we are very much in the research and development stage.
In general, pricing concerns are sure to be influenced by several important factors, including how advanced discoveries in the sector are made, market demand for the technology and competition among quantum computing providers.
The Quantum Insider observes with a keen eye the market trends and technological narrative that is evolving as we speak. When thinking about the price of a quantum computer price in 2023, its worth considering the access method, the type of computer and usage requirements.
11:25
Connecting Brains: The BrainNet VPRO documentary Lifeboat News: The Blog
Can we connect human brains together? What are the limits of
what we can do with our brain? Is BrainNet our future?
In science fiction movies, scientists brains are downloaded into
computers and criminal brains are connected to the Internet.
Interesting, but how does it work in real life?
Original title: The greedy brain.
Scientific journalist Rob van Hattum wondered what information we
can truly get from our brain and came across an extraordinary
scientific experience.
An experiment where the brains of two rats were directly connected:
one rat was in the United States and the other rat was in Brazil.
They could influence the brain of the other directly. Miguel
Nicolelis is the Brazilian neurologist who conducted this
experiment. In his book Beyond Boundaries he describes his special
experiences in detail and predicts that it should be possible to
create a kind of BrainNet.
For Backlight, Rob van Hattum went to Sao Paulo and also visited
all Dutch neuroscientists, looking for what the future holds for
our brain. He connected his own brain to computers and let it
completely be scanned, searching for the limits of reading out the
brain.
Originally broadcasted by VPRO in 2014.
VPRO Backlight July 2014
On VPRO broadcast you will find nonfiction videos with English
subtitles, French subtitles and Spanish subtitles, such as
documentaries, short interviews and documentary series.
VPRO Documentary publishes one new subtitled documentary about
current affairs, finance, sustainability, climate change or
politics every week. We research subjects like politics, world
economy, society and science with experts and try to grasp the
essence of prominent trends and developments.
Visit additional youtube channels bij VPRO broadcast:
VPRO Broadcast, all international VPRO programs: https://www.youtube.com/VPRObroadcast.
VPRO DOK, German only documentaries: https://www.youtube.com/channel/UCBi0VEPANmiT5zOoGvCi8Sg.
VPRO Metropolis, remarkable stories from all over the world:
https://www.youtube.com/user/VPROmetropolis.
VPRO World Stories, the travel series of VPRO: https://www.youtube.com/VPROworldstories.
VPRO Extra, additional footage and one offs:...
11:25
Toward understanding the communication in sperm whales Lifeboat News: The Blog
The recent success of machine learning (ML) methods in answering similar questions in human languages (Natural Language Processing or NLP) is related to the availability of large-scale datasets. The effort of creating a biological dataset in a format, level of detail, scale, and time span amenable to ML-based analysis is capital intensive and necessitates a multidisciplinary expertise to develop, deploy, and maintain specialized hardware to collect acoustic and behavioral signals, as well as software to process and analyze them, develop linguistic models that reveal the structure of animal communication and ground it in behavior, and finally perform playback experiments to attempt bidirectional communication for validation ( Figure 1 ). Yet, the deployment of graphics processing units (GPU) is following a trajectory akin to Moores Law ( https://openai.com/blog/ai-and-compute) and, at the same time, the success of such an endeavor could potentially yield cross-applications and advancements in broader communities investigating non-human communication and animal behavioral research. One of the main drivers of progress making deep learning successful has been the availability of large (both labeled and unlabeled) datasets (and of architectures capable of taking advantage of such large data). To build a more complete picture and capture the full range of a species behavior, collecting datasets containing measurements across a broad set of factors is essential. In turn, setting up infrastructure that allows for the collection of broad and sizable datasets would facilitate studies that allow the autonomous discovery of the meaning-carrying units of communication.
A dedicated interdisciplinary initiative toward a detailed understanding of animal communication could arguably be made with a number of species as its focus. Birds, primates, and marine mammals have all given insight into the capacity of animal communication. In some ways, the collective understanding of the capacity for and faculty of comm...
11:21
Desktops/Laptops: Windows Down to 64%, GNU/Linux Rises to 6.3% Techrights
Combined share (OpenDocument Format):
The overall picture:
Summary: The trend is revealing; amid gains for Chrome OS and GNU/Linux Microsoft is laying off untold number of workers and Windows market share is in a freefall
11:09
Windows Market Share: From 80% to 26% in a Single Decade Techrights
The fall or the losses deepen this month (Microsofts share of the pie was 3 times bigger 10 years ago)
Summary: As can be seen in the chart above, Microsoft is reaching all-time lows again in terms market share (not that the media bothers mentioning this; its paid to pretend chatbots are revolutionary and position Microsoft for huge growth)
10:40
U.S. Banks, Including Chase and Synchrony, File Suspicious Activity Reports and Shut Down Accounts for Logging in From Another Country and Transferring Retirement Funds; May Also Affect VPN Users Techrights
Reprinted with permission from Ryan
U.S. Banks, Including Chase and Synchrony, File Suspicious Activity Reports and Shut Down Accounts for Logging in From Another Country and Transferring Retirement Funds; May Also Affect VPN Users
American banks are closing customer accounts without warning and many are refusing to say why.
The ones named, according to the article, are Chase and Synchrony Bank.
(Two of the worst banks in the country to bank with, I might add. Chase was ripping my ex blind with $11 monthly checking account fees until I switched him to an online bank with no fees and put an end to that.)
Synchrony is an underlying bank for PayPal Savings and PayPal Checking.
Synchrony also runs some store cards. They have a possibly illegal practice (under Illinois BIPA) of collecting biometric data to open an Amazon Card.
If you use a VPN, you may want to use split tunneling for a Web browser session to do your online banking.
In at least one instance, according to the article, Chase Bank violated the Bank Secrecy Act, first by telling a man who had his accounts frozen in the middle of dinner and was left unable to pay the bill as a result, that it had filed a SAR (which is illegal.you cannot tell a customer you did that), and then violated the BSA again by telling him why (he had logged on to their online banking system from a foreign country while he was on vacation).
Theres a lot of weird stuff going on in the US banking industry right now, including an explosion of SARs. Ironically, the article says the explosion of SARs came after the pandemic, which was a pandemic of a SARS virus.
In all seriousness, the banks are reporting anything that looks even kind of dodgy, apparently, because theres no penalty to the bank to close accounts and file them, even though only 4% are possibly criminal activity, according to the New York Times article.
MinceR on #TechRights IRC channel raised a very good point.
Isnt losing clients a penalty?
Chase Bank has $4 trillion in assets. With that much and with the Systemically Important Bank regulators breathing down their necks, its not so serious if they...
10:24
How DARPA Leverages Open Source to Secure 5G Linux.com
Read the original blog at Read More
The post How DARPA Leverages Open Source to Secure 5G appeared first on Linux.com.
10:00
HPR3832: How I left Google behind Hacker Public Radio
A list of the software and hardware I cover in the show. Hardware: Server - 11th gen i5-11400, 64GB RAM, 12TB SSD storage Local backup server - 4th gen i5-4570, 32GB RAM, 24TB HDD storage in mirrored ZFS pool for 12TB usable. Offsite backup server - Celeron J4125, 16GB RAM, 8TB SSD storage Software: Hypervisor - Proxmox Virtual Environment https://www.proxmox.com/en/proxmox-ve Backup software - Proxmox Backup Server https://www.proxmox.com/en/proxmox-backup-server Email - iRedMail https://www.iredmail.org/index.html Photos, Notes, File Storage, Office Software - Nextcloud AIO https://github.com/nextcloud/all-in-one Music - Funkwhale https://funkwhale.audio/ Social Media - Mastodon https://github.com/mastodon/mastodon Blog - writefreely https://github.com/writefreely/writefreely Video - Invidious, Peertube https://invidious.io/ https://github.com/Chocobozzz/PeerTube/ Chat - Matrix, Element https://github.com/matrix-org/synapse/ https://element.io/
Automated Detection and Repair of Intrusive Ads It Will Never Work in Theory
Unless and until legislators give ad regulations some real teeth, we're going to have to rely on counter-measures. I can think of no better introduction and summary for this latest advance in that arms race than the one written by the authors themselves and quoted below.
we propose an automatic detection technique that addresses the following challenges: (1) Advertisements can be fully dynamic where the structure of an ad is unknown until runtime, making it difficult to identify an ad and differentiate it from other elements. (2) Dynamically loaded ads can be highly volatile (e.g., first appear and then disappear at any time), which makes it difficult to localize dynamic ads in the source code. (3) Advertisements can be initially preloaded and later have their properties modified during runtime, thus a pure static/dynamic analysis alone does not suffice.
To this end, we propose AdHere, a technique that can automatically detect violating ads and suggest repair proposals. The design of AdHere is based on a combination of static and dynamic analyses. It works by first parsing the initial web page to a DOM tree to search for potential static ads, and then using mutation observers to monitor and detect intrusive (dynamic/static) ads on the fly. To handle ads' volatile nature, AdHere includes two detection algorithms for desktop and mobile ads to identify different ad violations during three phases of page load events. Our approach recursively applies the detection algorithms to resolve nested layers of DOM elements inserted by ad delegations. We evaluate AdHere on Alexa Top 1 Million Websites to detect their compliance with the Better Ads Standards. AdHere detected violating ads on 5,540 mobile websites and 4,601 desktop websites. Compar[ed] to the currently available alternative, AdHere detected violations on 4,656 more mobile websites and 3,911 more desktop websites and improved recall (by 16.6%) and accuracy (by 4.2%).
Yutian Yan, Yunhui Zheng, Xinyue Liu, Nenad Medvidovic, and Weihang Wang. AdHere: automated detection and repair of intrusive ads. In Proc. ICSE'23, 2023, https://weihang-wang.github.io/papers/ICSE2023-AdHere.pdf.
09:20
Metaverse as a New Game Reality: Does it Make Sense to Invest in VR Development? HackRead | Latest Cybersecurity and Hacking News Site
By Owais Sultan
How much has Virtual reality (VR) technology evolved? It has evolved enough for indie virtual reality projects to
This is a post from HackRead.com Read the original post: Metaverse as a New Game Reality: Does it Make Sense to Invest in VR Development?
09:20
Twitter Shut Off its Free API and It's Breaking a Lot of Apps SoylentNews
Even developers who want to pay for the API are having trouble:
Twitter has finally shut off its free API and, predictably, it's breaking a lot of apps and websites. The company had previously said it would cut off access in early February, but later delayed the move without providing an updated timeline.
But, after announcing its new paid API tiers last week, the company seems to have started cutting off the thousands of developers relying on its free developer tools. Over the last couple days, a number of app makers and other services have reported that the Twitter API is no longer functioning. Mashable reported the shutoff seems to have started Tuesday morning, though many developers are still trying to understand what's happening as Twitter doesn't seem to have communicated with most developers about the changes.
The ending of Twitter's free API comes after the company abruptly changed its rules to ban third-party Twitter clients as part of a larger shakeup of its developer strategy. But, as we've previously reported, third-party clients were only a small fraction of the developers, researchers, bot makers and others who relied on Twitter's APIs.
[...] All of these issues are further complicated by the fact that Twitter seems to have communicated very little with any of its developers about these changes or what they mean. Most of the employees who worked in developer relations were cut during the company's mass layoffs. And the company's developer forums are filled with posts from confused developers looking for answers. The company no longer has a communications team, and its press email auto-responds with a poop emoji.
Read more of this story at SoylentNews.
09:00
My Glasses Hear Everything Im Not Saying! Hackaday
There was a time when you saw someone walking down the street talking to no one, they were probably crazy. Now you have to look for a Bluetooth headset. But soon they may just be quietly talking to their glasses. Cornell University researchers have EchoSpeech which use sonar-like sensors in a pair of glasses to watch your lips and mouth move. From that data, they can figure out what you are saying, even if you dont really say it out loud. You can see a video of the glasses below.
There are a few advantages to a method like this. For one thing, you can speak commands even in places where you cant talk out loud to a microphone. There have been HAL 9000-like attempts to read lips with cameras, but this is power-hungry and video tends to be data intensive.
By comparison, the EchoSpeech uses low-power speakers and transducers to silently collect a modest amount of data. In addition to convenience, this tech could be a real breakthrough for people who cant speak for some reason but can move their lips and mouth.
We often wondered if Star Trek-style voice command would be a pain in a 25th-century cube farm. EchoSpeech could solve this problem since you dont actually speak out loud.
Google Glass wasnt very successful, but this might be viable for some users. Even better if integrated with...
07:33
KillNet Claims Creating Gay Dating Profiles with NATO Logins HackRead | Latest Cybersecurity and Hacking News Site
By Waqas
KillNet claims it carried out cyberattacks that resulted in the "paralysis" of 40% of NATO's electronic infrastructure.
This is a post from HackRead.com Read the original post: KillNet Claims Creating Gay Dating Profiles with NATO Logins
07:32
On-line Casino Greatest On-line Casinos In New Zealand 2023 h+ Media
On-line Casino Greatest On-line Casinos In New Zealand 2023
All the fun games we acknowledge and love from 888casino are here but now you will discover them with a extra private contact. The solely thing you need to play casino in Mobile is a fast web connection and a relatively trendy mobile system. You can play both on cellular and on tablet, whether or not you employ iOS or Android.
Since the New Zealand Gambling Act was amended in 2019, most New Zealand on-line casinos offer BankID as an identity verify. This means that you automatically register a game account if you make a deposit at the casino. This means you dont have to register on the on line casino manually, and get registered in connection along with your deposit. This is also called Pay n play on line casino and is a convenient approach to keep away from difficult registration processes whenever you need to get started with on line casino games on-line. He is always fast to review new casinos which have area of interest themselves on odds and esports. Edward is also no stranger to testing video games with distinctive ideas that do not belong to the traditional casino video games with free spins and bonuses.
Receive 500% bonus in your first deposit with us, 600% on the second deposit and 400% bonus on the third. We grant a bonus to all deposits, starting with 200% in your first deposit of the day. With this supply voucher, place your football bets and obtain a discount of $34.25 in Betfair. 888 Casino encourages you to addContent your documentation directly onto the on line casino web site for all future withdrawals.
- Online casinos even have one thing in store for Blackjack and Baccarat fans.
- The RNG works in the background and what you see on the screen are then solely animations of the end result from it.
- We can say that Bspin is genuinely a fantastic online on line casino that caters to the wants of every kind of gamblers, on-line casinos that provide no deposit bonuses.
- The on line casino provides an unlimited number of video games from varied firms, a great mobile app that works on all units and unbelievable participant help in each banking and issues decision.
- All-time favourite classic tables embody Blackjack, Poker, Sic Bo, Roulette, Baccarat, and Keno.
- We can even do it by e mail; dont hesitate to write down to us at earlier than any doubt you have.
1001couponcodes.co.nz has one of the best choices in addition to exclusive provides. The 888 Casino low cost coupon are codes used by online stores to convince undecided prospects to complete their purchase. If you enjoyed the low cost provided by our coupons, we recommend that you simply checkout immediately as they have very limited validity.
A wide range of games can be found by way of your cell device and gamers can count on the same high-quality gaming expertise whether or not youre enjoying from your...
07:30
888 Casino Review Up To $1500 On First 5 Deposits! h+ Media
888 Casino Review Up To $1500 On First 5 Deposits!
When it comes to cost strategies, 888 on line casinos supply is quite acceptable. The rollover amount is 30x and the completely different online casino games contribute differently to the same. The 888casino bonus cannot be withdrawn with out the necessities being met. With all that theres on provide under the 888 Umbrella, they really are the one-stop-shop for online playing and you really cant go incorrect no matter what service you be part of.
Thats why UPayCard is such an excellent possibility for those who favor it. Cassava Enterprises can be licensed and controlled to offer online gaming services under the legal guidelines of Gibraltar. Only gamers whove played with the on line casino enough will be invited to hitch this unique experience. Poker, baccarat and blackjack are obtainable in numerous recreation variants, so newcomers are finest off sticking to the traditional video games. Those who know somewhat will find variety in poker variants similar to Caribbean Stud, Casino Holdem and Pai Gow Poker.
Also benefit from our coupons and provides from the shop Tornadobet. These typically provide higher payout percentages and better probabilities of successful than bodily casinos. But additionally between these NZ online casinos, the RTP can vary fairly a bit. Because the number of on-line providers is consistently rising, we now have taken the search work off your arms and ready an outline of the best online casinos in the New Zealand. A dedicated part of the foyer will present numerous tables and tournaments for players trying to enjoy the game with out utilizing actual cash within the course of. T just apply to cash video games but in addition to on-line poker tournaments, for the explanation that schedule is all the time packed and the motion by no means seems to stop.
Essentially, if you would like the chance of successful over 1,000,000 NZ dollars from only one single recreation, from one single spin, that is the sector you play in. When analysing the on line casino, all areas of the location are equally matched in brilliance. The casino side, however, dominates within the variety of gameplay. Well over a thousand titles are lined up right here alone and every recreation you might have heard of and would need to play, they are all right here. 888 provides all the essential sports activities you could ask for from a sportsbook. NHL and different major sports are naturally on offer, as nicely as lacrosse and CFL.
If youve fortunate numbers or assume they are in your aspect, the roulette await you. For those who favor letters, the blackjack online poker is out there. The truth is that poker has seen lots of development in the https://casino-tr.top/superhero-reels-slot/ final twenty years, being not only performed amongst friends but in...
07:28
888poker Leaves Polish Market Nz On-line On Line Casino News h+ Media
888poker Leaves Polish Market Nz On-line On Line Casino News
No matter where youre and no matter how busy the remainder of your life will get, you by no means have to miss out on any on line casino video games or opportunities to win massive once more. There are many guides found on the site that can help you with their video games, covering slots, roulette, blackjack, Texas HoldEm, bingo, sports betting and stay on line casino video games. Internationally famend writer Henri Ojala has spent more than a decade mastering the ins and outs of the playing trade, specializing in online poker, sports betting, and on line casino video games. With over 10 years of expertise in the playing industry, hes a respected skilled in various types. Henri shares his in depth knowledge of strategies, odds, and danger administration, earning him recognition as an authority within the online casino area. Although the variety of online pokies isnt big at 888 Casino, there isvariety and games by the leading producers, as properly as some distinctive titles too.
888 Casino features a good welcome package for new players including 88 Free Spins with no deposit required and a welcome bonus that may go up to NZ$200. It additionally features ongoing promotions that function high-earning qualities. The proven truth that it has been around since 1997 makes it a very skilled on line casino and extremely trustworthy.
No downloads, identical content material, and still play anyplace that has Wi-Fi or a 4G/5G connection. You will be capable of transition from PC to Mobile and have the same selection of video games, together with the same ranges of safety. If youve a smartphone with Android, iOS, or Windows constructed into it, then yes, youll find a way to play 888 on line casino cell on the go. The Tropicana Casino and Resort has joined with Gamesys Limited, which runs the jackpotjoy.com web site. The four casinos owned by Caesars Entertainment Caesars Atlantic City, Ballys Atlantic City, Harrahs Resorts Atlantic City and the Showboat Casino Hotel are partnering with 888 Holdings. Nine of towns 12 casinos have acknowledged lining up companions for Internet gambling, and a 10th is widely rumored to have selected a companion, as nicely.
You can wager these bonus funds on eligible 888 casino games such because the model new Jacks Pot, Millionaire Genie, Irish Riches, Nightmare on Elm Street, and Ultimate Universe. You even have the prospect to hit the jackpot on one of these pokies! Make certain you learn the terms and conditions fastidiously whenever you join, as withdrawal restrictions apply. 888, founded in 1997, are stalwarts of the net on line casino industry with fingers in many pies. 888casino is only one such finger protruding from the 888 holdings tart.
888 Casino is now providing the Premier Players Welcome Bonus which begins with a one hundred pc match on your first deposit...
07:27
888 Casino Nz Review On-line $100 Nzd 888 On Line Casino Bonus 2023 h+ Media
888 Casino Nz Review On-line $100 Nzd 888 On Line Casino Bonus 2023
The provide itself is a 100 percent matched deposit bonus up to the value of $1500. We shall be introducing you to the casinos unique welcome bonus supply. We then inform you of a few of the ongoing rewards that may be collected from their Promotions page. And lastly, we shall be telling all about their 888 VIP Casino Club.
It features a six-line, Six-column format with forty six,656 paylines and an RTP rate of 94.8%. Its finest features embody free spins with various bonuses and progressive jackpots. Yes, 888 offers to its gamers all the wanted security measures. The casino is licensed and controlled by the Gibraltar Regulatory Authority, which means that it meets the entire standards for a fair and protected on-line casino. In addition, 888 has been rewarded an assurance seal for truthful gaming by eCORGA.
You ought to at all times look for the free spin feature of Aloha, you should use our sources below to grasp the game inside a very brief time period. In New Jersey, you get the free spins or money to enjoy desk video games. Slots are one of the favorite decisions of games at on-line casinos. A number of cost methods make the positioning so nice as every participant can discover a suitable method for managing funds.
The on line casino has the most important collection of games compared to some other crypto-friendly playing platform. Kiwis can indulge in Pokies, Live Dealer Games, Progressive Jackpots, Esports, Live Sports Betting, TV, and Virtual Games. 888Starz has a Buy Feature that lets gamers buy their means into bonus rounds on in style Pokies. For occasion, Kiwis do not have to attend to hit the bonus randomly, they usually can buy their means into a bonus round to trigger elevated winnings.
Minimum deposit 100$ free spins gilitga in Book of Dead 0x wagering requirements. By selecting games at licensed casinos, you could be assured that the on line casino is underneath the supervision of the New Zealand authorities who are there to safe your gaming environment. When New Zealand casinos want to supply a slot machine, all video games must have an eCorga certification. 99% RTP in a slot or slot machine by definition does not imply that the prospect of winning is 99% and games with excessive RTP usually are not a guarantee of successful. What RTP a sport has is predicated on the millions of billions of spins made in that specific sport. The extra check spins made, the safer and more accurate the gameS RTP becomes.
Casino 888 is offered by an interesting panoply of developers, made up of a few of the greatest names within the on-line casino world. Despite having a great supply of video games, on line casino 888 still does not supply its punters stay Casino games. Again, if youre not acquainted with the formats of those competitions than there is not a want to fret as 888 offer you guides to get b...
07:26
High 10 Greatest Online Casino In New Zealand Get Bonuses Enjoying In Online Pokies h+ Media
High 10 Greatest Online Casino In New Zealand Get Bonuses Enjoying In Online Pokies
MB Way is doubtless considered one of the most Moderna payment methods in New Zealand. This cellular app combines the most effective of the ATM system with the comfort of having the power to pay at any time, anyplace. You can even receive money, but for now, this feature just isnt obtainable within the legal on-line casinos that we recommend. Even though you can play slots with MB Way and all of the table games available, this is one of those sections of on-line casino video games that we need to see amongst ourselves. In a perfect world, with national sellers , lots of friendliness and some engaging gaming tables as is the case with the roulette tables that so many gamblers fascinates.
After graduation, she moved to Wellington to pursue a profession in writing. 888 Casino Compared with other casinos from the Online Pokies class. There can be the 888 Blog that will maintain you updated with all the casinos information and sport releases. The Live area is a full-on streaming platform where youll compete towards the various completely different sellers internet hosting the tables.
Providers corresponding to IGT, NetEnt, Pragmatic Play or Microgaming are included within the catalog, which provides quality to the casinos offer. Its straightforward to seek out the part devoted to promotions on the homepage, however where are they? On previous visits we got here across some well-structured offers that aroused our curiosity. Currently, solely two welcome presents had been out there, and its attainable to take pleasure in both, however weekly promotions, challenges, tournaments and other promotional add-ons are lacking. In this field, different casinos New Zealand on-line provides a lot more than 888.
Finally, it is much simpler to manage betting and impose limits on playing in a web-based on line casino, which makes on-line playing relatively cheaper, safer and simpler to control. The tables are real, the croupiers are real and the sport is not automated. These are the principle explanation why on-line gamblers select a Live Casino. Due to the growing popularity, providing a Live Casino is an enormous plus for on-line casinos on this rating. Blackjack is also identified as a game for which varied clever methods can be utilized.
This application can now even be used for casino video games for example. 888s cellular on line casino app provides three of its most distinguished options Sport, Poker and Casino. Within those three subsidiaries, youll discover a load of gaming choices. What units 888 apart from the competitors is its providing of sports betting as a portable option as that is one thing that is still in the implementation phase for many other cell casinos.
Besides offering all kinds of sports activities for wagering, additionally they broadcast several events reside...
07:03
Distribution Release: 4MLinux 42.0 DistroWatch.com: News
4MLinux is a miniature Linux distribution focusing on four capabilities: maintenance, games, multimedia, and servers. The introduces a few new applications and a series of updates. "4MLinux 42.0 stable released. The status of the 4MLinux 42.0 series has been changed....
06:34
Animal Mutation Rates Reveal Traits That Speed Evolution SoylentNews
Now, a massive analysis of 68 diverse vertebrate species, from lizards and penguins to humans and whales, has made the first large-scale comparison of the rates at which species mutate a first step toward understanding how quickly they can evolve. The findings, published in the journal Nature, unearthed surprising insights into how the tempo for mutations can change and what sets that pace.
The paper roughly "doubles the amount of mutation-rate estimates we have," said Michael Lynch, an evolutionary biologist at Arizona State University who was not involved in the study. Now we have a "better idea of the amount of variation within vertebrates."
With this extensive data, biologists can begin to answer questions about which traits most influence mutation rates and the pace of evolution. "There are things that affect the rate of evolution, [but] we don't know all of them," said Patricia Foster, a professor emerita of biology at Indiana University who was not involved in the study. "This is the start."
[...] If they found a mutation in around 50% of an offspring's DNA, they concluded that it was likely a germline mutation one inherited through either the mother's egg or the father's sperm. Natural selection can act directly on such a mutation. Less frequent mutations were deemed to have happened spontaneously in tissues outside the germline; they were less relevant to evolution because they wouldn't get passed on.
(Surprisingly often, mismatches in the family trios told the researchers that the fathers listed by the zoos were unrelated to the babies. Zoo representatives would often shrug at this news and say there might have been two males in the cage. "Yeah, well, the other one is the winner," Bergeron would joke.)
In the end, the researchers had 151 usable trios, representing species as physically, metabolically and behaviorally diverse as massive killer whales, tiny Siamese fighting fish, Texas banded geckos and humans. They then compared the species' mutation rates with what we know about the behaviors and characteristics called their life history. They also considered a statistical measure for each species called the effective population size, which roughly corresponds to how many individuals are needed to represent the genetic diversity. (For example, although the human population today is 8 billion, scientists usually estimate our effective population size to be around 10,000 or fewer.) Bergeron and her colleagues looked for patterns of associations in the numbers.
06:13
Reddit Banned 5,853 Users for Excessive Copyright Infringement Last Year TorrentFreak
Every day, millions of people from all over the world submit
posts, comments, and other content to Reddit.
The social news and discussion platform has been around for more than 17 years and over time its popularity has only increased.
With Reddit about to reach adulthood, the site has certain responsibilities. In recent years, these have included the publication of a transparency report documenting how various legal policies affect the sites content.
The report shows how Reddits content policy leads to the deletion of millions of posts per week, including spam, hateful content, sexualization of minors, prohibited goods, and harassment. As a result, more than five million user accounts were banned last year, either temporarily or permanently.
DMCA Notices and Takedowns Increase
The number is significant, especially when taking into account that it doesnt include copyright-related complaints. Reddits responses to DMCA takedown notices and the sites handling of excessive copyright infringement are listed separately in the legal removals section.
These figures have been steadily increasing, and last year was no exception, according to the transparency report.
In 2022, we saw a 43% increase over the previous year in the total number of copyright notices received, a 126% increase in the amount of content reported for removal, and a 97% increase in the amount of content removed, Reddit reports.
Compared to other content removals, copyright actions are relatively modest. In 2022, Reddit received 254,632 copyright notices, in which rightsholders asked the site to remove 1,668,452 pieces of content. Of these requests, close to 80% resulted in items being removed.
These numbers are relatively small compared to the dozens of millions of content policy removals. However, they carry a different weight as the content is reported by third-party actors, instead of Reddit mods or bots.
User and Subreddit Bans
This increase is not limited to the copyrighted links and content removed, subreddits are affected too. Several popular Reddit communities have to jump through hoops to avoid getting banned but not all manage to do so. In 2022, Reddit booted 3,215 subreddits for exces...
06:09
Rosenzweig Steps Down As Open-Source Arm Mali "Panfrost" Driver Maintainer Phoronix
Alyssa Rosenzweig who has been leading the Panfrost open-source Arm Mali graphics driver reverse engineering effort the past half-decade is stepping down as maintainer of this driver as part of this also being her last day at Collabora...
05:32
The extended BPF (eBPF) virtual machine allows programs to be loaded into and executed with the kernel and, increasingly, other environments. As the use of BPF grows, so does interest in defining what the BPF virtual machine actually is. In an effort to ensure a consistent and fair environment for defining what constitutes the official BPF language and run-time environment, and to encourage NVMe vendors to support BPF offloading, a recent effort has been undertaken to standardize BPF.
05:04
Linux cp command copy symbolic (soft) link tutorial nixCraft
Do you want to copy a symbolic (soft) link instead of a file using the cp command under Linux? Try passing the -a (--archive) to copy and preserve all soft (symbolic) links. The cp command is a naturally used file copying under Linux and it comes with a few rules for copying symbolic links.
Love this? sudo share_on: Twitter - Facebook - LinkedIn - Whatsapp - Reddit
The post Linux cp command copy symbolic (soft) link tutorial appeared first on nixCraft.
05:00
NVIDIA Finally Working On A Linux Driver For Their 2017 SHIELD Controller Phoronix
NVIDIA launched their SHIELD "Thunderstrike" gaming controller back in 2017 and now in 2023 they are working to upstream their HD driver support for it...
04:52
Israel Faces Fresh Wave of Cyberattacks Targeting Critical Infrastructure HackRead | Latest Cybersecurity and Hacking News Site
By Waqas
Authorities believe that these cyberattacks may be part of OpIsrael, organized by pro-Palestinian hackers.
This is a post from HackRead.com Read the original post: Israel Faces Fresh Wave of Cyberattacks Targeting Critical Infrastructure
04:10
In SAS v. WPL, the Federal Circuit Finally Gets Something Right on Computer Copyright Deeplinks
Figuring out the correct boundaries of software copyright protection is a difficult task. As several judges have put it, applying copyright law to computer programs is like assembling a jigsaw puzzle whose pieces do not quite fit. Last week, the U.S. Court of Appeals for the Federal Circuit solved one piece of that puzzle, by approving a procedural framework for analyzing software copyright cases.
Previously, the Federal Circuit failed miserably at solving that puzzle. It had issued two horrible computer copyright decisions in the long-running Oracle v. Google saga. The first of those opinions held that the Java Application Program Interfaces (APIs) were eligible for copyright protection. The second reversed a jurys determination that Googles use of the Java APIs was a fair use. Fortunately, the Supreme Court stepped in and reversed the second opinion, finding fair use. Unfortunately, the Courts fair use decision left open the first issue, whether APIs are copyright-eligible in the first place.
In a decision last week, the Federal Circuit finally got something right about copyright
In a decision last week, the Federal Circuit finally got something right about copyright, or at least the framework for deciding copyrightability of functional aspects of software. The case is between SAS Institute Inc. (SAS) and World Programming Ltd. (WPL). The two companies have been feuding for years over SASs effort to ef...
04:07
Who was Not Even Wrong first? Not Even Wrong
I recently heard from John Minkowski, whose father Jan Minkowksi was a student of Paulis in the late 1940s. He asked if I knew what the specific context of Paulis Not Even Wrong comment was, and I told him I didnt. I referred to this early blog post, which explains that Karl von Meyenn (editor of Paulis correspondence) had pointed me to a biographical memoir about Pauli by Rudolf Peierls which includes:
Quite recently, a friend showed him the paper of a young physicist which he suspected was not of great value but on which he wanted Paulis views. Pauli remarked sadly It is not even wrong.
Looking around for any more information about this, Wikipedia links to a 1992 letter to the editor at Physics Today from Peierls, which states
Wolfgang Paulis remark Das is nicht einmal falsch (That is not even wrong) was made not as a comment on a seminar talk but as a reaction to a paper by a young theoretician, on which a colleague (I believe it was Sam Goudsmit) had invited Paulis opinion.
Google also turned up a translation of a talk by Peierls in this article by Mikhail Shifman, which includes:
Somebody showed to Pauli a work of a young theorist being well aware that the work was not too good but still willing to hear Paulis opinion. Pauli read the paper and said, with sadness: It is not even wrong.
Trying to guess what the article in question might have been, Im tempted by the hypothesis that the discussion with Goudsmit was about Everetts Relative State Formulation of Quantum Mechanics paper. The timing (Quite recently) would have been right, with the paper published in July 1957, Paulis death later in December 1958. Goudsmit at the time was editor-in-chief at Physical Review, so would have been interested in Paulis opinion of the paper.
Complicating this story, John Minkowki sent me some pages from his fathers 1991 book Through three wars: The memoirs of Jan Michael Minkowski, which included this (in a context describing his 1946-48 student days at ETH):
I remember a seminar in theoretical physics given by a visitor from another Swiss university. These seminars were presided over by Dr. Pauli, and after the speaker finished all eyes would turn to Pauli to pronounce the verdict in his commentary. This particular lecture was treated by Pau...
04:00
Remembering Data Compression Pioneer Jacob Ziv IEEE Spectrum
Jacob Ziv, codeveloper of the Lempel-Ziv data compression algorithm, died on 26 March at the age of 91.
The IEEE Life Fellow was awarded the 2021 IEEE Medal of Honor for fundamental contributions to information theory and data compression technology, and for distinguished research leadership.
Ziv, an electrical engineering professor at the Technionthe Israel Institute of Technology, in Haifaand his colleague Abraham Lempel perfected the lossless compression technique, enabling perfect data reconstruction. With lossless algorithms, as an IEEE Spectrum article explained in 2021, bits disappear, making the data file dramatically smaller and thus easier to store and transmit, but unlike lossy compression techniques such as the ones used with JPEG and MP3 files, the bits reappear on command.
The Lempel-Ziv data compression algorithm, which paved the way for GIF, PNG, and ZIP files, was designated an IEEE Milestone in 2004.
Zivs scientific contributions changed forever the way we store, process, and transfer information, the Technions president, physicist Uri Sivan, wrote in a tribute to Ziv. He was an inspiration to all of usa beacon of scientific excellence [and] a symbol of sciences great potential to ignite technological revolutions that affect all of mankind.
Information and communication theory pioneer
Born in Israel, Ziv received bachelors and masters degrees in electrical engineering from the Technion in 1954 and 1957. He began his career in 1955 as a research engineer with the Israeli...
03:49
New AI Model Can Cut Out Any Object Within an Imageand Meta is Sharing the Code SoylentNews
On Wednesday, Meta announced an AI model called the Segment Anything Model (SAM) that can identify individual objects in images and videos, even those not encountered during training, reports Reuters.
According to a blog post from Meta, SAM is an image segmentation model that can respond to text prompts or user clicks to isolate specific objects within an image. Image segmentation is a process in computer vision that involves dividing an image into multiple segments or regions, each representing a specific object or area of interest.
The purpose of image segmentation is to make an image easier to analyze or process. Meta also sees the technology as being useful for understanding webpage content, augmented reality applications, image editing, and aiding scientific study by automatically localizing animals or objects to track on video.
Related:
MIT's
Computer Vision (CV) Algorithm Identifies Images Down to the
Pixel (20220424)
NVIDIA
Research's GauGAN AI Art Demo Responds to Words (20211130)
Ask
Soylent: Beginning in Artificial Intelligence Methods
(20150629)
Read more of this story at SoylentNews.
03:30
CISA adds zero-day bugs in iPhones, Macs, and iPads to its Known Exploited Vulnerabilities catalog Security Affairs
US Cybersecurity and Infrastructure Security Agency (CISA) added two flaws in iPhones, Macs, and iPads to its Known Exploited Vulnerabilities catalog.
U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the following five new issues to its Known Exploited Vulnerabilities Catalog:
- CVE-2023-28205 Apple Multiple Products WebKit Use-After-Free Vulnerability;
- CVE-2023-28206 Apple iOS, iPadOS, and macOS IOSurfaceAccelerator Out-of-Bounds Write Vulnerability;
This week Apple has released emergency security updates to address the above actively exploited zero-day vulnerabilities impacting iPhones, Macs, and iPads.
Impacted devices include:
- iPhone 8 and later,
- iPad Pro (all models),
- iPad Air 3rd generation and later,
- iPad 5th generation and later,
- iPad mini 5th generation and later,
- and Macs running macOS Ventura.
Both vulnerabilities were reported by Clment Lecigne of Googles Threat Analysis Group and Donncha Cearbhaill of Amnesty Internationals Security Lab.
The zero-day CVE-2023-28205 is a use after free issue that resides in the WebKit, its exploitation may lead to arbitrary code execution. An attacker can trigger the flaw by tricking the victims into loading maliciously crafted web pages.
Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. reads the advisory.
The IT giant addressed the flaw with improved memory management.
The zero-day CVE-2023-28206 is an out-of-bounds write issue that resides in the IOSurfaceAccelerator.
An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. reads the advisory.
The company addressed the flaw with improved input validation.
Apple addressed the zero-day issue with the release of macOS Ventura 13.3.1, iOS 16.4.1, iPadOS 16.4.1, and Safari 16.4.1.
According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.
Experts recom...
03:00
Linux Cluster-Aware Scheduling Being Extended To AMD Processors Phoronix
Back in 2021 saw work on CPU cluster-aware scheduling by HiSilicon engineers for Arm processors as well as Intel engineers with a focus on their Jacobsville platform being comprised of clusters of Atom cores. That x86 cluster-aware scheduling was enabled for capable Intel processors while now two years later is being extended for AMD processors...
02:46
SD Worx shuts down UK and Ireland services after cyberattack Security Affairs
Belgian HR giant SD Worx was forced to shut down its IT infrastructure for its UK and Ireland services after a cyber attack.
HR and payroll management firm SD Worx shut down its IT systems for its UK and Ireland services after a cyber attack. The company employs more than 7,000 HR professionals and serves over 5.2 million employees every month. The company claims a client base of over 82,000.
The UK and Ireland branch disclosed a security breach and began notifying its customers.
Our security team has discovered malicious activities in our hosted data centre last night. We have taken immediate action and have preventively isolated all systems and servers to mitigate any further impact. As a result, there is currently no access to our systems, which we deeply regret of course, reads the security breach notification sent by the company to UK and Ireland customers, as reported by BleepingComputer.
SD Worx emphasises that it applies extremely stringent organisational and technical security measures to secure the privacy and data of its customers at all times. It goes without saying that we are handling this with the highest priority and that we are working very hard on a solution to give you access to our systems again. We will keep you informed about the further status.
The company did not reveal the type of attack it has suffered and did not reveal if it has suffered a data breach.
At the time of this writing, the companys portal for UK and Ireland is reachable again.
Please vote for Security Affairs (https://securityaffairs.com/) as
the best European Cybersecurity Blogger Awards 2022 VOTE FOR YOUR
WINNERS
Vote for me in the sections:
- The Teacher Most Educational Blog
- The Entertainer Most Entertaining Blog
- The Tech Whizz Best Technical Blog
- Best Social Media Account to Follow (@securityaffairs)
Please nominate Security Affairs as your favorite blog.
Nominate here: https://docs.google.com/forms/d/e/1FAIpQLSfaFMkrMlrLhOBsRPKdv56Y4HgC88Bcji4V7OCxCm_OmyPoLw/viewform
Follow me on Twitter: @securityaffairs and ...
02:36
Meson 1.1 Build System Released With Numerous Additions Phoronix
Just before Christmas Meson 1.0 was released for this widely-used, open-source software build system. Out today is Meson 1.1 as the newest feature update...
01:46
[Meme] Sirius AstroTurfing Techrights
Summary: Days after Sirius Open Source lowered salaries a couple of cheerleaders appeared, boosting ads from the fake founder of the company
01:35
Sophos patches three issues in the Sophos Web Security appliance, one of them rated as critical Security Affairs
Sophos addressed three vulnerabilities in Sophos Web Appliance, including a critical flaw that can lead to code execution.
Cybersecurity vendor Sophos addressed three vulnerabilities in Sophos Web Appliance, including a critical flaw, tracked as CVE-2023-1671 (CVSS score of 9.8), that can lead to code execution.
The CVE-2023-1671 flaw is a pre-auth command injection issue that resides in the warn-proceed handler, it affects appliances older than
The company also addressed a high-severity code execution issue, tracked as CVE-2022-4934. The issue is a post-auth command injection vulnerability that resides in the exception wizard, it can allow administrators to execute arbitrary code.
The vendor also fixed a medium-severity reflected cross-site scripting (XSS) vulnerability tracked as CVE-2020-36692. An attacker can exploit the vulnerability to execute JavaScript code in the victims browser.
The attacker can trigger the flaw by tricking the victim into submitting a malicious form on an attacker-controlled website while logged into Sophos Web Appliance.
All the above vulnerabilities were discovered and responsibly disclosed to Sophos by external security researchers via the Sophos bug bounty program.
Sophos Web Appliance will reach end-of-life (EoL) status on July 20, 2023. The company recommends customers replace the appliances with Sophos Firewall.
Please vote for Security Affairs (https://securityaffairs.com/) as
the best European Cybersecurity Blogger Awards 2022 VOTE FOR YOUR
WINNERS
Vote for me in the sections:
- The Teacher Most Educational Blog
- The Entertainer Most Entertaining Blog
- The Tech Whizz Best Technical Blog
- Best Social Media Account to Follow (@securityaffairs)
Please nominate Security Affairs as your favorite blog.
Nominate here: https://docs.google.com/forms/d/e/1FAIpQLSfaFMkrMlrLhOBsRPKdv56Y4HgC88Bcji4V7OCxCm_OmyPoLw/viewform
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
...
01:33
Sirius Open Source Does Not Pay Its Contractors schestowitz.com
The companys victims include blind people
Saturday:
Sunday:
Summary: The crimes of Sirius Open Source turn out to have gone further than the pension fraud; according to a new message, the company withheld payment to staff that did a lot of work and weve seen even worse wage theft before (at one point the company was taken to court over it, almost exactly a decade ago if not many times more)
01:30
Playing 78 RPM Shellac Records: Its Not Just About Speed Hackaday
What is the difference between 78, 45, and 33 RPM records? Obviously most people would say the speed, which of course is true to a degree. But as [Techmoan] covers in a recent video, theres a whole lot more to the playback of 78 RPM records. Especially the older type without so-called microgrooves. Even if you have a record player that can do 78 RPM speeds, you may have noticed that the sound is poor, with a lot of clicking and popping.
The primary reason for this is that on an average 78 RPM record, the groove containing the sound pattern is 3 mil (thousandth of an inch) wide, whereas the grooves on microgroove and 33/45 RPM records is a mere 1 mil wide. This difference translates into the stylus tip, which is comically undersized for the 3 mil grooves and ends up dragging somewhere in the very bottom of the groove, missing entirely out on the patterns etched higher up on the sides. This is why in the past styluses would often come in the flip-style version, as pictured above.
Its also possible to purchase the mono, 3 mil styluses today from Audio-Technica and...
01:29
Sirius Friends Try to SLAPP or Intimidate Victims of the Company, So More Victims of the Company Speak Out Techrights
The companys victims include blind people
Saturday:
Sunday:
Summary: The crimes of Sirius Open Source turn out to have gone further than the pension fraud; according to a new message, the company withheld payment to staff that did a lot of work and weve seen even worse wage theft before (at one point the company was taken to court over it, almost exactly a decade ago if not many times more)
01:24
New AI model can cut out any object within an imageand Meta is sharing the code Lifeboat News: The Blog
On Wednesday, Meta announced an AI model called the Segment Anything Model (SAM) that can identify individual objects in images and videos, even those not encountered during training, reports Reuters.
According to a blog post from Meta, SAM is an image segmentation model that can respond to text prompts or user clicks to isolate specific objects within an image. Image segmentation is a process in computer vision that involves dividing an image into multiple segments or regions, each representing a specific object or area of interest.
01:24
Seven Free Open Source GPT Models Released Lifeboat News: The Blog
Silicon Valley AI company Cerebras released seven open source GPT models to provide an alternative to the tightly controlled and proprietary systems available today.
01:22
Post: What Will Transformers Transform? Lifeboat News: The Blog
Generative Pre-trained Transformer models (GPTs) are now all the rage and have inspired op-eds being written by everyone from Henry Kissinger (WSJ) to Noam Chomsky (NYTimes) in just the last month. That sure is some hype level.
Way back in the early history of GPTs, January 1st this year, I wrote briefly about them and said:
01:15
Firefox 112 Now Available With Support For Importing Chromium Snap Browser Data Phoronix
Mozilla has published the Firefox 112.0 binaries today ahead of tomorrow's official unveiling...
01:07
Palantir's Plan to Decipher the Mysteries of Long Covid SoylentNews
Palantir's Plan to Decipher the Mysteries of Long Covid:
65 million people are still suffering from long Covid, the mysterious cocktail of symptoms that persist in some patients more than 12 weeks after an initial infection. Researchers are still working to understand this illness, but it's been slow progress so far.
This is because long Covid is not just a medical problemit's also a data problem, says Indra Joshi, director of health, research, and artificial intelligence at Palantir, which specializes in analyzing big data.
Before the pandemic, US hospitals kept their data to themselves, Joshi told WIRED Health this March, making it difficult for policymakers and researchers to identify patterns of disease occurring across the country. That's why Palantir worked with the US medical research agency, the National Institutes of Health, to create what Joshi describes as one of the largest collections of Covid-19 health records in the world.
The National COVID Cohort Collaborative, aka N3C, is essentially a giant, collaborative database, enabling clinicians and researchers to study the deidentified data of people suffering from Covid-19 or related conditions. "If you're diagnosed with Covid now, your data goes into this enclave," says Joshi, explaining that N3C now includes 2.1 billion clinical observations. The data enclave also encourages clinicians to enter data in a standardized format, making it easy for their insights to be compared with data collected from other US hospitals.
By harmonizing all this data, the N3C acts as a collective pool of information that researchers can dip into to try to find consensus on the ongoing mysteries of long Covid: What exactly are the symptoms? What treatments are people receiving? And how are they responding to those treatments? Already the N3C data has helped better define the symptoms that make up long Covid. It has also revealed that Black and Hispanic Americans, in comparison to white patients, appear to experience more symptoms and health problems related to long Covid, but are less likely to be diagnosed.
...
00:35
OpenBSD 7.3 Released With AMD RDNA3 Graphics, Guided Disk Encryption Phoronix
Theo de Raadt has released OpenBSD 7.3 today as the 54th release for this BSD operating system project...
00:12
BSD Release: OpenBSD 7.3 DistroWatch.com: News
Theo de Raadt has announced the release of OpenBSD 7.3, the 54th release of the security-oriented operating system. Some of the key features include providing ksh acccess from the system installer, the use of LibreSSL 3.7.2, and OpenSSH 9.3. "We are pleased to announce the official release of....
00:06
Iran-linked MERCURY APT behind destructive attacks on hybrid environments Security Affairs
Iran-linked APT group MERCURY is behind destructive attacks on hybrid environments masquerading as a ransomware operation.
The Microsoft Threat Intelligence team observed a series of destructive attacks on hybrid environments that were carried out by MuddyWater APT group (aka MERCURY). Threat actors masqueraded the attacks as a standard ransomware operation.
MERCURY (aka MuddyWater, SeedWorm and TEMP.Zagros) has been active since at least 2017, in January 2022 the USCYBERCOM has officially linked the Iran-linked APT group to Irans Ministry of Intelligence and Security (MOIS).
The group was observed targeting both on-premises and cloud environments. According to Microsoft, MERCURY likely conducted the attacks in partnership with another actor tracked as DEV-1084, who carried out the destructive actions after MERCURY gained access to the target environment.
MERCURY likely exploited known vulnerabilities in unpatched applications for initial access before handing off access to DEV-1084 to perform extensive reconnaissance and discovery, establish persistence, and move laterally throughout the network, oftentimes waiting weeks and sometimes months before progressing to the next stage. reads the report published by Microsoft. DEV-1084 was then later observed leveraging highly privileged compromised credentials to perform en masse destruction of resources, including server farms, virtual machines, storage accounts, and virtual networks, and send emails to internal and external recipients.
DEV-1084 presented itself as cybercrime group likely as an attempt to hide its real motivation of a nation-state actor.
The link between the DEV-1084 cluster and MERCURY was established based on the following evidence:
- Both DEV-1084 and MERCURY were observed sending emails from the IP address 146.70.106[.]89.
- Both groups used MULLVAD VPN.
- in previous attacks....
00:05
OpenBSD 7.3 has been released. As usual, the list of changes and new features is long; click below for the details.
00:01
Security updates for Monday LWN.net
Security updates have been issued by Debian (openimageio and udisks2), Fedora (chromium, curl, kernel, mediawiki, and seamonkey), Oracle (httpd:2.4), Red Hat (httpd and mod_http2 and tigervnc), SUSE (ghostscript and kernel), and Ubuntu (irssi).
00:00
OpenBSD 7.3 released OpenBSD Journal
Calgary and elsewhere, : The OpenBSD project today announced the release and general availability of its latest stable version, OpenBSD 7.3.
Eagerly anticipated by users, engineers, enthusiasts and industry pundits all over the world, this release contains a number of improvements over earlier versions, including but not limited to
- Improved hardware support, including new arm64 variants and numerous network and graphics driver updates
- Improved general and network performance due to steadily improving multi-core support
- More flexible network configuration, now supporting lladdr-based config [See earlier report.]
- retguard for amd64 system calls [See earlier report.]
- Enhanced memory and process security [See earlier report]
- Relinking of network exposed daemons at boot time [See earlier report.]
- execute-only (xonly) [See earlier report.]
pinsyscall(2)[See earlier report.]- Improved versions of OpenSSH (9.3), LibreSSL (3.7.2), OpenBGPD (7.9)
- Support for disk encryption in the installer [See earlier report.]
- X11 Mesa shader cache enabled.
- More aggressive randomisation of the stack location for all 64-bit architectures except alpha [See earlier report.]
You may notice that the list of OpenBSD Innovations has grown a bit too, while the detailed changelog offers more detail.
All reasonably modern architectures had install sets and complete binary packages available on the mirrors...
00:00
The Real John Wick-Style Bullet Proof Suit Hackaday
If youve seen the John Wick movies, youve probably had to suspend your disbelief about many things, but the bulletproof suits are perhaps the hardest thing to swallow. They look like stylish suits but are impervious to just about anything at any range. Whats more is when you are hit, they seem to absorb all impact with no effect on the wearer at all.
You can keep running, firing, or karate kicking while the suit takes all of the bullets. You can even pull your jacket up over your face if you want to protect that million-dollar smile. Physics, of course, tells us that a suit like this is pretty much impossible. Except that they actually exist. Granted, the real-life suits dont have the magic physics-defying powers of Mr. Wick̵...
Monday, 10 April
23:53
Alcasec Hacker, aka Robin Hood of Spanish Hackers, Arrested HackRead | Latest Cybersecurity and Hacking News Site
By Waqas
Alcasec boasted about his hacks in a YouTube podcast.
This is a post from HackRead.com Read the original post: Alcasec Hacker, aka Robin Hood of Spanish Hackers, Arrested
23:26
Italy became the first Western country to ban ChatGPT. Heres what other countries are doing Lifeboat News: The Blog
It seems some countries in Europe might ban ChatGPT due to privacy reasons.
Italy isnt the only country reckoning with the rapid pace of AI progression and its implications for society. Other governments are coming up with their own rules for AI, which, whether or not they mention generative AI, will undoubtedly touch on it. Generative AI refers to a set of AI technologies that generate new content based on prompts from users. It is more advanced than previous iterations of AI, thanks in no small part to new large language models, which are trained on vast quantities of data.
There have long been calls for AI to face regulation. But the pace at which the technology has progressed is such that it is proving difficult for governments to keep up. Computers can now create realistic art, write entire essays, or even generate lines of code, in a matter of seconds.
We have got to be very careful that we dont create a world where humans are somehow subservient to a greater machine future, Sophie Hackford, a futurist and global technology innovation advisor for American farming equipment maker John Deere, told CNBCs Squawk Box Europe Monday.
23:26
Ex-Theranos executive headed to prison after losing appeal Lifeboat News: The Blog
Anyone wonder why he might end up serving a longer sentence than Elizabeth Holmes?
Former Theranos executive Ramesh Sunny Balwani will be heading to prison later this month after an appeals court rejected his bid to remain free while he contests his conviction for carrying out a blood-testing hoax with his former boss and lover, Elizabeth Holmes.
KTVU delivers the best in-depth reports, interviews and breaking news coverage in the San Francisco Bay Area and California.
Watch KTVUs newscasts on https://www.ktvu.com/live.
Download KTVUs news and weather apps for free at https://www.ktvu.com/mobile-apps.
Follow KTVU on Facebook: https://www.facebook.com/ktvu.
23:23
Scientists May Have Found The Immunity Secret To Living To 100 Lifeboat News: The Blog
By Corrie Pelc Fact checked by Jessica Beake, Ph.D. The life expectancy of humans on our planet has more than doubled since 1900. Global life expectancy has increased from 31 years in 1900 to 73.2 years in 2023, and is expected to further increase to 77.1 years in 2050.
23:23
Time-Bending Experiment: Physicists Reveal Quantum Nature of Light in a New Dimension Lifeboat News: The Blog
Imperial physicists have performed the double-slit experiment in time, using materials that can change optical properties in femtoseconds, providing insights into the nature of light and paving the way for advanced materials that can control light in both space and time.
Imperial physicists have recreated the famous double-slit experiment, which showed light behaving as particles and a wave, in time rather than space.
In a groundbreaking development, Imperial College London.
23:23
Physicists Extend Qubit Lifespan in Pivotal Validation of Quantum Computing Lifeboat News: The Blog
Quantum computing promises to be a revolutionary tool, making short work of equations that classical computers would struggle to ever complete. Yet the workhorse of the quantum device, known as a qubit, is a delicate object prone to collapsing.
Keeping enough qubits in their ideal state long enough for computations has so far proved a challenge.
In a new experiment, scientists were able to keep a qubit in that state for twice as long as normal. Along the way, they demonstrated the practicality of quantum error correction (QEC), a process that keeps quantum information intact for longer by introducing room for redundancy and error removal.
23:01
8 open source Easter eggs to have fun with your Linux terminal Linux.com
Hunt these 8 hidden or surprising features to make your Linux experience more entertaining.
Read More at Enable Sysadmin
The post 8 open source Easter eggs to have fun with your Linux terminal appeared first on Linux.com.
23:01
Estonian National Charged in U.S. for Acquiring Electronics and Metasploit Pro for Russian Military The Hacker News
An Estonian national has been charged in the U.S. for purchasing U.S.-made electronics on behalf of the Russian government and military. The 45-year-old individual, Andrey Shevlyakov, was arrested on March 28, 2023, in Tallinn. He has been indicted with 18 counts of conspiracy and other charges. If found guilty, he faces up to 20 years in prison. Court documents allege that Shevlyakov operated
22:54
Links 10/04/2023: LibreArts Weekly and More Techrights
Contents
-
GNU/Linux
-
9to5Linux 9to5Linux Weekly Roundup: April 9th, 2023
This week and the next are slow in Linux news and releases due to many people celebrating Easter around the globe, but we still got some things to play with, such as a new BlackArch Linux release for penetration testing and ethical hacking, new HPLIP printing/scanning driver, and new KDE goodies.
New hardware was also announced this week from TUXEDO Computers and PINE64, and a couple of popular apps got new releases. Check out the hottest news of this week and access all the distro and package downloads in 9to5Linuxs Linux weekly roundup for April 9th, 2023, below.
-
Audiocasts/Shows
-
Bryan Lunduke ...
-
-
22:45
Hackers Flood NPM with Bogus Packages Causing a DoS Attack The Hacker News
Threat actors flooded the npm open source package repository for Node.js with bogus packages that briefly even resulted in a denial-of-service (DoS) attack. "The threat actors create malicious websites and publish empty packages with links to those malicious websites, taking advantage of open-source ecosystems' good reputation on search engines," Checkmarx's Jossef Harush Kadouri said in a
22:43
Intel oneAPI Level Zero Loader 1.10 Released Phoronix
Intel has released oneAPI Level Zero Loader 1.10 today, which implements the Level Zero v1.6 specification...
22:22
How Intel Scaled Down the 8086 Processor and Reverse-Engineering the Division Microcode SoylentNews
https://www.righto.com/2020/06/die-shrink-how-intel-scaled-down-8086.html
The revolutionary Intel 8086 microprocessor was introduced 42 years ago this month so I've been studying its die.1 I came across two 8086 dies with different sizes, which reveal details of how a die shrink works. The concept of a die shrink is that as technology improved, a manufacturer could shrink the silicon die, reducing costs and improving performance. But there's more to it than simply scaling down the whole die. Although the internal circuitry can be directly scaled down,2 external-facing features can't shrink as easily. For instance, the bonding pads need a minimum size so wires can be attached, and the power-distribution traces must be large enough for the current. The result is that Intel scaled the interior of the 8086 without change, but the circuitry and pads around the edge of the chip were redesigned.
[...] The photo above shows the two 8086 dies at the same scale. The two chips have identical layout in the interior,7 although they may look different at first. The chip on the right has many dark lines in the middle that don't appear on the left, but this is an artifact. These lines are the polysilicon layer, underneath the metal; the die on the left has the same wiring, but it is very faint. I think the newer chip has a thinner metal layer, making the polysilicon more visible.
The magnified photo below shows the same circuitry on the two dies. There is an exact correspondence between components in the two images, showing the circuitry was reduced in size, not redesigned. (These photos show the metal layer on top of the chip; some polysilicon is visible in the right photo.)
Read more of this story at SoylentNews.
21:38
Top 10 Cybersecurity Trends for 2023: From Zero Trust to Cyber Insurance The Hacker News
As technology advances, cyberattacks are becoming more sophisticated. With the increasing use of technology in our daily lives, cybercrime is on the rise, as evidenced by the fact that cyberattacks caused 92% of all data breaches in the first quarter of 2022. Staying current with cybersecurity trends and laws is crucial to combat these threats, which can significantly impact business development
21:07
RADV Driver Enables Graphics Pipeline Library Support By Default Phoronix
In time for the upcoming Mesa 23.1 branching and feature freeze, Samuel Pitoiset of Valve's Linux graphics driver team has enabled the graphics pipeline library "GPL" support by default with the Radeon RADV Vulkan driver...
21:00
Tree Supports Are Pretty, So Why Not Make Them Part of the Print? Hackaday
Heres an idea that [Nephlonor] shared a couple years ago, but is worth keeping in mind because one never knows when it might come in handy. He 3D printed a marble run track and kept the generated tree supports. As you can see in the image above, the track resembles a roller-coaster and the tree supports function as an automatically-generated scaffolding for the whole thing. Clever!
As mentioned, these results are from a couple of years ago; so this idea should work even better nowadays. Tree supports have come a long way since then, and are available in more slicers than just Cura.
20:58
AMD Has Some Linux Fixes For Older "Picasso" Ryzen Laptops On The Way Phoronix
While AMD Zen 4 "Dragon Range" and "Phoenix" laptops are imminent, for those using an older AMD Picasso laptop design from 2019, there are some new Linux fixes on the way for enhancing that older Zen+ experience...
20:47
Intel Media Driver 2023Q1 Adds Meteor Lake AV1 Error-Resilient Video Encoding Phoronix
The Intel Media Driver 2023Q1 has been published as the newest feature release for Intel's open-source video acceleration driver providing VA-API support across generations of their integrated graphics as well as newer discrete graphics...
20:28
NeoMagic & Savage Linux X.Org Drivers Updated For Late 90's Graphics Phoronix
Longtime X.Org release wrangler Alan Coopersmith at Oracle spent some of his Easter working out new releases of seldom-touched X.Org graphics/display drivers...
20:16
Over 1 Million WordPress Sites Infected by Balada Injector Malware Campaign The Hacker News
Over one million WordPress websites are estimated to have been infected by an ongoing campaign to deploy malware called Balada Injector since 2017. The massive campaign, per GoDaddy's Sucuri, "leverages all known and recently discovered theme and plugin vulnerabilities" to breach WordPress sites. The attacks are known to play out in waves once every few weeks. "This campaign is easily identified
20:01
Casino 777 Monte Carlo h+ Media
Casino 777 Monte Carlo
Since our launches, weve hosted a hundred+ Online video video games for patrons everywhere in the globe the place you could decide your favored one Game and Play Us. ECOGRA is an international testing agency that accredits and regulates the world of on-line playing. It checks to see whether online casinos are honest, fair and safe. ECOGRA is the word on accountable gambling and protects gamers in opposition to unfair practices. Playing for free is a real choice for Indian on-line on line casino gamers in all states, even Maharashtra. Its a nice way to test drive your casino with out having to make any sort of commitment or take on any type of risk.
Let us transfer on to the other segments now, and see if we can find something that could cheer you up. Below you can see answers to the preferred questions on our official Melbet utility. The concept of Roulette is that the table has a wheel with pink numbers, black numbers, and a green zero number. Melbet software has European Roulette, French Roulette, American Roulette, and others. A combo wager is a mix of multiple single bets, where you place a single bet, win it, and place the winnings of the primary single bet on another single guess. The Melbet app is out there not just for Android but also for iOS.
This brings us to some of the important reasons why you would possibly wish to enroll the bonuses. We were disenchanted with the on line casino section, for positive. That is as a end result of the part was there but we discovered no games inside.
- The gaming expertise supplied by Highstakes is of the highest calibre and can be loved at any time and from any location.
- Highstakes supplies its gamers with a wide selection of bonuses and promotions, such as welcome bonuses, free spins, and loyalty rewards.
- The second step will require you to specify your name and choose the account currency.
- We will describe all of the features, otherwise youll have downloaded the app and recognized all its packages on your own.
- If you may be wondering how the flowers look when entrapped on a fairys wing whereas shes taking a full moon bath, heres the visualisation for you.
- Melbet app for iPhone is out there free of charge for anybody and has all the identical features as the website.
Yes, all official Melbet apps for Android and iPhone gadgets are utterly free. You can rapidly set up them in your device using the links on the official web site. Withdraw money in a handy method via the applying. This type of guess is simply a mixture of a number of Accumulator bets.
Bingo, Keno, and Scratch Cards are simply few of the video games that fall into this category. These games offer a refreshing change of tempo from the extra conventional casino games, as properly as the potential for some very profitable winnings. Now that you realize about all of the spo...
Casino 777 Monte Carlo h+ Media
Casino 777 Monte Carlo
Since our launches, weve hosted a hundred+ Online video video games for patrons everywhere in the globe the place you could decide your favored one Game and Play Us. ECOGRA is an international testing agency that accredits and regulates the world of on-line playing. It checks to see whether online casinos are honest, fair and safe. ECOGRA is the word on accountable gambling and protects gamers in opposition to unfair practices. Playing for free is a real choice for Indian on-line on line casino gamers in all states, even Maharashtra. Its a nice way to test drive your casino with out having to make any sort of commitment or take on any type of risk.
Let us transfer on to the other segments now, and see if we can find something that could cheer you up. Below you can see answers to the preferred questions on our official Melbet utility. The concept of Roulette is that the table has a wheel with pink numbers, black numbers, and a green zero number. Melbet software has European Roulette, French Roulette, American Roulette, and others. A combo wager is a mix of multiple single bets, where you place a single bet, win it, and place the winnings of the primary single bet on another single guess. The Melbet app is out there not just for Android but also for iOS.
This brings us to some of the important reasons why you would possibly wish to enroll the bonuses. We were disenchanted with the on line casino section, for positive. That is as a end result of the part was there but we discovered no games inside.
- The gaming expertise supplied by Highstakes is of the highest calibre and can be loved at any time and from any location.
- Highstakes supplies its gamers with a wide selection of bonuses and promotions, such as welcome bonuses, free spins, and loyalty rewards.
- The second step will require you to specify your name and choose the account currency.
- We will describe all of the features, otherwise youll have downloaded the app and recognized all its packages on your own.
- If you may be wondering how the flowers look when entrapped on a fairys wing whereas shes taking a full moon bath, heres the visualisation for you.
- Melbet app for iPhone is out there free of charge for anybody and has all the identical features as the website.
Yes, all official Melbet apps for Android and iPhone gadgets are utterly free. You can rapidly set up them in your device using the links on the official web site. Withdraw money in a handy method via the applying. This type of guess is simply a mixture of a number of Accumulator bets.
Bingo, Keno, and Scratch Cards are simply few of the video games that fall into this category. These games offer a refreshing change of tempo from the extra conventional casino games, as properly as the potential for some very profitable winnings. Now that you realize about all of the spo...
20:00
On Line Casino 777 Monte Carlo h+ Media
On Line Casino 777 Monte Carlo
Because the app complies with all applicable licencing and regulatory necessities, customers can trust that their monetary transactions and in-app purchases shall be secure. Moreover, if you are someone new to this field and struggling to comprehend the platform, do not forget that World777 has buyer care services that will assist you to with every little thing. It is indeed heaven for individuals who love full-proof and real-time betting. ITech Labs is a testing and certification lab for Online Gaming techniques, focusing on compliance, software high quality, reporting and delivery. Having testing completed by iTech Labs ensures that video games and gaming methods adjust to all relevant requirements, and that theyre truthful, dependable and resilient. No problem cash-outs with money being launched days after a withdrawal request is made.
First issues first, this platform has more than a thousand video games to select from. Cricket, soccer, horse driving, tennis, basketball, and whatnot. Choose your favourite sport, examine the schedule, and play your game.
In every case, you must examine the particular terms for the promotion as there may be significant rollover requirements on your free balance before youre allowed to make a withdrawal. Essentially, you must attempt to see both free spins and deposit bonuses as alternatives to experience and benefit from the online on line casino of your choice, quite than as a chance to win a big sum of money. If you could have learn our earlier evaluations, you understand that were at all times honest with our readers, so you understand 777 Review will be as fair.
You will essentially need to entry 777 on your desktop. You could try utilizing your smartphone too, however we are not too certain how responsive the website is. But there was no point out on the website of any mobile phone software. This is one other area in which we hope 777 should make some progress sooner quite than later.
This may be carried out in a couple of minutes by filling in the registration kind along with your personal info. You can set up an automatic installation of updates in your Android or iOS gadget settings. They will not be that important to you, but we assure you that youll positively acknowledge these when you start using the app.
Stay on the identical page to deposit money, or go to the Withdraw part if you want to transfer funds to your card or e-wallet. The Melbet cell lets you be in the recreation and on the go at the similar time. It is handy, fast, and steady and delivers the proper user-friendly experience in terms of look, design, and performance. As we already mentioned, you can obtain it from the official web site of the bookmaker. Under the attendance withdrawal program, you could also ship https://bahis-siteleri.icu/enchanted-7s-slots/ this...
19:57
777 On Line Casino App Openhot688com$$limitadong Regalo!mag Register Para Makakuha Ng P50 Could 50% Cashback Sayong Unang Deposit!$$bis Bulk And Block Deals h+ Media
777 On Line Casino App Openhot688com$$limitadong Regalo!mag Register Para Makakuha Ng P50 Could 50% Cashback Sayong Unang Deposit!$$bis Bulk And Block Deals
The app will be out there via an icon in the menu of your system. You do not want to fret as a outcome of we have created a website for you and allrummyapps.com on which you shall be able to obtain all these applications. In our website, in the future after one other, new apps are being launched, so at present, a new app has been launched called the Rummy Frenzy Game, if youd wish to know about it.
In case you play for more than a sure quantum on 777, you also get an exclusive invite to the VIP Club of 777. The Welcome Bonus offers you a FreePlay price $200 as soon as you make your first deposit. A welcome bonus email with all the small print might be immediately despatched to your registered email id. You have to enter the coupon code WELCOME777 on the time of registration. The welcome bonus is one hundred pc, so it means that if you make the first deposit of $100, then youll be able to play for $200. This FreePlay can be used in selected video games in Jackpot, Blackjack, and Roulette sections.
- If youre wondering how the flowers look when entrapped on a fairys wing while shes taking a full moon tub, this is the visualisation for you.
- You can divide bonuses for Sports and Casino as you open the Promotions web page.
- To most, residing a lifetime of a star can spell romance, excessive enjoyment and a lavish way of life, even if it lasts for a quantity of days.
- We are a trusted internet primarily based platform with the passion for building healthy relation with our customers Nationally and the world over.
Our payout guide will inform you the means to spot casinos with quick payouts. The object of the game is to foretell the place a small white ball will fall after spinning across the fringe of a roulette wheel. As the carousel rotates in the different way, the ball completes forty rotations. When the ball hits the carousel, it bounces round randomly before touchdown in a number-marked slot. If you are a sports betting enthusiast, then 777 just isnt the portal for you. We have accomplished three segments of this evaluate thus far, and on all three we now have been quite dissatisfied.
Your search query cannot be longer than 128, so we shortened your query. To most, residing a life of a celeb can spell romance, excessive enjoyment and a lavish life-style, even when it lasts for a couple of days. On 18 March 2014, Christies South Kensington will offer the collection of celebrated interior designer Tessa Kennedy inside the sale of Interiors. Around $60 bn is spent on all types of playing in India, however only a fifth of it is legally accounted, in accordance with a 2010 research by KPMG.
This wide range of video games will not go away you bored and just b...
777 On Line Casino App Openhot688com$$limitadong Regalo!mag Register Para Makakuha Ng P50 Could 50% Cashback Sayong Unang Deposit!$$bis Bulk And Block Deals h+ Media
777 On Line Casino App Openhot688com$$limitadong Regalo!mag Register Para Makakuha Ng P50 Could 50% Cashback Sayong Unang Deposit!$$bis Bulk And Block Deals
The app will be out there via an icon in the menu of your system. You do not want to fret as a outcome of we have created a website for you and allrummyapps.com on which you shall be able to obtain all these applications. In our website, in the future after one other, new apps are being launched, so at present, a new app has been launched called the Rummy Frenzy Game, if youd wish to know about it.
In case you play for more than a sure quantum on 777, you also get an exclusive invite to the VIP Club of 777. The Welcome Bonus offers you a FreePlay price $200 as soon as you make your first deposit. A welcome bonus email with all the small print might be immediately despatched to your registered email id. You have to enter the coupon code WELCOME777 on the time of registration. The welcome bonus is one hundred pc, so it means that if you make the first deposit of $100, then youll be able to play for $200. This FreePlay can be used in selected video games in Jackpot, Blackjack, and Roulette sections.
- If youre wondering how the flowers look when entrapped on a fairys wing while shes taking a full moon tub, this is the visualisation for you.
- You can divide bonuses for Sports and Casino as you open the Promotions web page.
- To most, residing a lifetime of a star can spell romance, excessive enjoyment and a lavish way of life, even if it lasts for a quantity of days.
- We are a trusted internet primarily based platform with the passion for building healthy relation with our customers Nationally and the world over.
Our payout guide will inform you the means to spot casinos with quick payouts. The object of the game is to foretell the place a small white ball will fall after spinning across the fringe of a roulette wheel. As the carousel rotates in the different way, the ball completes forty rotations. When the ball hits the carousel, it bounces round randomly before touchdown in a number-marked slot. If you are a sports betting enthusiast, then 777 just isnt the portal for you. We have accomplished three segments of this evaluate thus far, and on all three we now have been quite dissatisfied.
Your search query cannot be longer than 128, so we shortened your query. To most, residing a life of a celeb can spell romance, excessive enjoyment and a lavish life-style, even when it lasts for a couple of days. On 18 March 2014, Christies South Kensington will offer the collection of celebrated interior designer Tessa Kennedy inside the sale of Interiors. Around $60 bn is spent on all types of playing in India, however only a fifth of it is legally accounted, in accordance with a 2010 research by KPMG.
This wide range of video games will not go away you bored and just b...
19:53
Greatest Casino In Goa h+ Media
Greatest Casino In Goa
In case you play for greater than a sure quantum on 777, you additionally get an unique invite to the VIP Club of 777. The Welcome Bonus gives you a FreePlay worth $200 as quickly as you make your first deposit. A welcome bonus e mail with all the details will be immediately despatched to your registered e mail id. You must input the coupon code WELCOME777 at the time of registration. The welcome bonus is one hundred pc, so it means that when you make the first deposit of $100, then you can play for $200. This FreePlay can be utilized in chosen games in Jackpot, Blackjack, and Roulette sections.
- All in all, the Live casino section gave the impression to be one of the most attention-grabbing segments of 777.
- Enjoy real-time betting and ensure to not miss out on your favourite sports activities and tournaments!
- For the remaining European international locations, an area licensee operates the providers.
- 777 Live Casino part on the 777 website appears essentially the most vibrant of all.
- Blackjack is a sport of playing cards the place the aim is to have a rating closer to 21 than the supplier with two cards dealt.
Live dealer video games are the following big factor within the on-line casino world. They permit gamers to expertise a level of realism by no means earlier than seen on this format. The primary distinction is that reside on line casino video games are played with an actual dealer who is beamed to your pc or cellular screen by way of a webcam. Youll be able to chat with the dealers just as youd in an actual casino, and so they could even present a quantity of ideas. Sometimes youll find a way to chat with other players too, so make positive to be a friendly opponent. As a results of deregulation and technological developments, the casino world has gone online and now you can play on-line on line casino games from the comfort of your own home or by touching the display screen on a cell system.
Wait Until The Top Of The Download
This brings us to some of the essential the purpose why you may wish to join the bonuses. We were disenchanted with the casino section, for positive. That is as a result of the section was there however we discovered no games inside.
Nice to see that there are such a fantastic application for betting and playing in Bangladesh. You can guess on international cricket matches with a pleasant design. How and Where to Download the Latest Version of the App?
Premium World777 satisfies your every demand for real-time online betting. Money Wheel is a sport of luck that consists of a giant spinning wheel and a desk with numbers and symbols for every section. The gamers win by predicting which image the cash wheel would cease at.
The app is prepared to work, and you might be able to register an account. In the folder of downloaded recordsdata, discover the installation file and...
Greatest Casino In Goa h+ Media
Greatest Casino In Goa
In case you play for greater than a sure quantum on 777, you additionally get an unique invite to the VIP Club of 777. The Welcome Bonus gives you a FreePlay worth $200 as quickly as you make your first deposit. A welcome bonus e mail with all the details will be immediately despatched to your registered e mail id. You must input the coupon code WELCOME777 at the time of registration. The welcome bonus is one hundred pc, so it means that when you make the first deposit of $100, then you can play for $200. This FreePlay can be utilized in chosen games in Jackpot, Blackjack, and Roulette sections.
- All in all, the Live casino section gave the impression to be one of the most attention-grabbing segments of 777.
- Enjoy real-time betting and ensure to not miss out on your favourite sports activities and tournaments!
- For the remaining European international locations, an area licensee operates the providers.
- 777 Live Casino part on the 777 website appears essentially the most vibrant of all.
- Blackjack is a sport of playing cards the place the aim is to have a rating closer to 21 than the supplier with two cards dealt.
Live dealer video games are the following big factor within the on-line casino world. They permit gamers to expertise a level of realism by no means earlier than seen on this format. The primary distinction is that reside on line casino video games are played with an actual dealer who is beamed to your pc or cellular screen by way of a webcam. Youll be able to chat with the dealers just as youd in an actual casino, and so they could even present a quantity of ideas. Sometimes youll find a way to chat with other players too, so make positive to be a friendly opponent. As a results of deregulation and technological developments, the casino world has gone online and now you can play on-line on line casino games from the comfort of your own home or by touching the display screen on a cell system.
Wait Until The Top Of The Download
This brings us to some of the essential the purpose why you may wish to join the bonuses. We were disenchanted with the casino section, for positive. That is as a result of the section was there however we discovered no games inside.
Nice to see that there are such a fantastic application for betting and playing in Bangladesh. You can guess on international cricket matches with a pleasant design. How and Where to Download the Latest Version of the App?
Premium World777 satisfies your every demand for real-time online betting. Money Wheel is a sport of luck that consists of a giant spinning wheel and a desk with numbers and symbols for every section. The gamers win by predicting which image the cash wheel would cease at.
The app is prepared to work, and you might be able to register an account. In the folder of downloaded recordsdata, discover the installation file and...
19:35
NASA's TEMPO Mission Could Bring You Hyper-Local Pollution Alerts SoylentNews
NASA's TEMPO Mission Could Bring You Hyper-Local Pollution Alerts:
An advanced tool for monitoring air pollution from space is set to launch on Friday morning, and it'll be hosted on a commercial satellite.
A soon-to-launch NASA mission is set to offer more data on North America's air quality than researchers and public health programs have ever had available before. A new monitoring instrument hosted on a commercial satellite will offer continent-wide, hourly updates on air pollution, at about a four square mile resolution, according to the space agency and partner groups behind the project.
The Tropospheric Emissions Monitoring of Pollution (TEMPO) instrument will keep tabs on the air quality in a region stretching from the oil sands in Canada to south of Mexico City, and from the Atlantic to Pacific coasts, according to a NASA news statement.
The device will use advanced imaging to collect detailed light scattering data (i.e. hyperspectral data) on sunlight reflected off of Earth's atmosphere at varying levels. Using this information, scientists back on the ground will be able to translate those wavelengths of light into local concentrations of different pollutants in the air, explained Dennis Nicks, director of payload engineering at Ball Aerospacethe company that NASA contracted to design and build the TEMPO instrument, during a Wednesday press briefing.
Read more of this story at SoylentNews.
19:31
Samsung employees unwittingly leaked company secret data by using ChatGPT Security Affairs
Samsung employees have unwittingly leaked top secret data by providing them to the popular chatbot service ChatGPT.
Samsung employees have shared internal documents, including meeting notes and source code, with the popular chatbot service ChatGPT. ChatGPT uses data provided by the users to train itself and build its experience, with the risk that this data can be available to other users that will query the popular chatbot.
Samsung engineers used ChatGPT to assess the company source code, they asked the chatbot to optimize test sequences for identifying faults in the chips they were designing. According to the website Techradar, in just under a month, the company suffered three data leaks caused by its employees leaking sensitive information via ChatGPT.
In another case, an employee used ChatGPT to convert meeting notes into a presentation, the contents of which were obviously not something Samsung would have liked external third parties to have known. reported TechRadar.
The multinational IT firm has decided to start developing its own AI for internal use.
Samsung Electronics is warning its employees of the potential risks associated with the use of ChatGPT, explaining that there is no way to prevent the leak of the data provided to OpenAIs chatbot service.
It is not clear if Samsung has requested the deletion of the data provided by its workers to OpenAI.
Early this month, the Italian Data Protection Authority, Garante Privacy, temporarily banned ChatGPT due to the illegal collection of personal data and the absence of systems for verifying the age of minors.
The Authority pointed out that OpenAI does not alert users that it is collecting their data.
According to the announcement, there is no legal basis underpinning the massive collection and processing of personal data to train the algorithms on which the platform relies.
Please vote for Security Affairs (https://securityaffairs.com/) as
the best European Cybersecurity Blogger Awards 2022 VOTE FOR YOUR
WINNERS
Vote for me in the sections:
- The Teacher Most Educational Blog
- The Entertainer Most Entertaining Blog
- The Tech Whizz Best Technical Blog
- Best Social Media Account to Follow (@securityaffairs)
Please nominate Security Affairs as your favorite blog.
Nominate here: ...
19:27
Protecting your business with Wazuh: The open source security platform The Hacker News
Today, businesses face a variety of security challenges like cyber attacks, compliance requirements, and endpoint security administration. The threat landscape constantly evolves, and it can be overwhelming for businesses to keep up with the latest security trends. Security teams use processes and security solutions to curb these challenges. These solutions include firewalls, antiviruses, data
19:25
CVE-2022-47501: Apache OFBiz: Arbitrary file reading vulnerability Open Source Security
Posted by Jacques Le Roux on Apr 10
Severity: importantDescription:
Arbitrary file reading vulnerability in Apache Software Foundation Apache OFBiz.This issue affects Apache OFBiz: before
18.12.07.
Required Configurations:
Using the Solr plugin
Solution:
Upgrade to release 18.12.07
Credit:
Skay <lhcaomail () gmail com> (finder)
References:
https://lists.apache.org/list.html?announce () apache org
https://ofbiz.apache.org/download.html...
19:23
Optically Coherent Nitrogen-Vacancy Defect Centers in Diamond Nanostructures Lifeboat News: The Blog
An analysis and improvement of the spectral properties of nitrogen-vacancy defects in diamond nanostructures paves the way for efficient entanglement generation necessary for many quantum information applications.
19:23
High-Power, Room-Temperature, Coherent Microwave Source Lifeboat News: The Blog
Magnetic spin excitations can combine with photons to produce exotic particles that emit laser-like microwaves.
One of the challenges for building systems for quantum computing and communications has been the lack of laser-like microwave sources that produce sufficient power but dont require extreme cooling. Now a research team has demonstrated a new room-temperature technique for making coherent microwave radiationthe kind that comes from a laser [1]. The device exploits the interaction of a magnetic material with electromagnetic fields. The researchers expect that the work will lead to microwave sources that can be built into chips employed in future quantum devices.
The devices that store quantum bits for quantum computers often require microwave signals to input and retrieve data, so lasers operating at microwave frequencies (masers)and other sources of coherent microwavescould be very useful. But even though masers were invented before lasers, most maser technologies work only at ultracold temperatures. A 2018 design works at room temperature but doesnt produce very much power [2].
18:38
CVE-2023-29216: Apache Linkis DatasourceManager module has a deserialization command execution Open Source Security
Posted by Heping Wang on Apr 10
Severity: importantDescription:
In Apache Linkis <=1.3.1, because the parameters are not
effectively filtered, the attacker uses the MySQL data source and malicious parameters to
configure a new data source to trigger a deserialization vulnerability, eventually leading to
remote code execution.
Versions of Apache Linkis <= 1.3.0 will be affected.
1.3.2.
Credit:
sw0rd1ight...
18:37
Nintendo Hunts Down Zelda: Tears of the Kingdom Leaker on Discord TorrentFreak
As Nintendos official website for Switch game
The
Legend of Zelda: Tears of the Kingdom states, The
adventure begins on May 12. Officially, at least.
The hotly anticipated sequel to The Legend of Zelda: Breath of the Wild will go on sale next month in digital and physical formats, with the latter also available as a special Collectors Edition.
Targeted at Zelda connoisseurs, the special edition includes The Legend of Zelda: Tears of the Kingdom (physical version), Artbook, SteelBook case, Steel Poster, and a set of four pin badges.
Pre-Release Leak: February 2023
On February 20, 2023, Eurogamer reported that a 200-page Artbook had been leaked online, containing details of new characters, enemies, enemy types, and new locations.
Its currently unclear how this art book managed to leak, so far in advance of Zelda: Tears of the Kingdoms official launch date, the publication noted at the time.
Two months later, its clear that a) Nintendo is very aware of the leak and b) they have a specific internet user in mind as the potential leaker.
DMCA Takedown Sent to Discord
On February 21, Nintendo of America sent a DMCA notice to Discord. The complaint targeted a Discord channel named Tears of the Kingdom Official Discord Server.
The notice went on to target six specific URLs featuring images or links to images from Nintendos copyright-protected and unreleased special edition art book for The Legend of Zelda: Tears of the Kingdom video game in violation of Nintendos rights.
Just eight minutes after the takedown notice was sent to
Discord, the platform acknowledged the complaint and told Nintendo
that the content will be removed promptly.
Around ten hours after sending the initial takedown notice, Nintendo followed up with a request for immediate review and takedown of the Discord channel, noting that members were still distributing the pre-release artwork using direct messages and links.
Additionally, some members have bee...
18:36
CVE-2023-29215: Apache Linkis JDBC EngineCon has a deserialization command execution Open Source Security
Posted by Heping Wang on Apr 10
Severity: importantDescription:
In Apache Linkis <=1.3.1, due to the lack of effective filtering
of parameters, an attacker configuring malicious Mysql JDBC parameters in JDBC EengineConn Module will trigger a
deserialization vulnerability and eventually lead to remote code execution. Therefore, the parameters in the Mysql JDBC
URL should be blacklisted. Versions of Apache Linkis <= 1.3.0 will be affected.
We recommend users upgrade the...
18:33
CVE-2023-27987: Apache Linkis gateway module token authentication bypass Open Source Security
Posted by Heping Wang on Apr 10
Severity: importantDescription:
In Apache Linkis <=1.3.1, due to the default token generated by Linkis Gateway deployment being too simple, it is easy
for attackers to obtain the default token for the attack. Generation rules should add random values.
And modify the default token value. You can refer to
Token authorization[1]...
18:31
CVE-2023-27603: Apache Linkis Mangaer module engineConn material upload exists Zip Slip issue Open Source Security
Posted by Heping Wang on Apr 10
Severity: importantDescription:
In Apache Linkis <=1.3.1, due to the Manager module engineConn material upload does not check the zip path, This is a
Zip Slip issue, which will lead to a potential RCE vulnerability.
1.3.2.
Credit:
4ra1n (reporter)
References:
https://linkis.apache.org
https://www.cve.org/CVERecord?id=CVE-2023-27603
18:29
CVE-2023-27602: Apache Linkis publicsercice module unrestricted upload of file Open Source Security
Posted by Heping Wang on Apr 10
Severity: importantDescription:
In Apache Linkis <=1.3.1, The PublicService module uploads files without restrictions on the path to the uploaded
files, and file types.
1.3.2.
For versions
<=1.3.1, we suggest turning on the file path check switch in linkis.properties
`wds.linkis.workspace.filesystem.owner.check=true`
`wds.linkis.workspace.filesystem.path.check=true`...
18:00
ISD1700 Based Lo-Fi Sampler Hackaday
Custom music instruments here at Hackaday range from wacky to poignant. OpnBeat by [Hiro Akihabara] focuses on something different: simplicity.
There are few buttons, the design and code are optimized to be straightforward and easy to modify, and the interface is slick. Eight musical keys complement three interface keys and a knob. An Arduino Nano powers the main brains of the system but the music generation comes from eight Nuvoton ISD1700s controlled over SPI by the Nano. The beautifully laid-out PCB is 110mm by 180mm (4.33 by 7), so cases can easily be printed on smaller FDM printers. All the switches are Cherry MX switches for the beautiful tactile feedback.
The code, PCB, and 3D case files are all available on GitHub. We love the thought that went into the design and the focus on making it easy to recreate. It might be quite as cute and simplified as this twelve-button musical macro pad, but the two together could make quite the band.
...
17:01
IRC Proceedings: Sunday, April 09, 2023 Techrights
Also available via the Gemini protocol at:
- gemini://gemini.techrights.org/irc-gmi/irc-log-techrights-090423.gmi
- gemini://gemini.techrights.org/irc-gmi/irc-log-090423.gmi
- gemini://gemini.techrights.org/irc-gmi/irc-log-social-090423.gmi
- gemini://gemini.techrights.org/irc-gmi/irc-log-techbytes-090423.gmi
Over HTTP:
|
|
|
|
|
|
|
|
|
|
... |
17:00
The Crucifixion Gap: Why it Took Hundreds of Years for Art to Depict Jesus on the Cross Terra Forming Terra
Hobbyist Finds Maths Elusive Einstein Tile Terra Forming Terra
Scientists put a semi-transparent solar roof on a greenhouse, and unexpected things happened Terra Forming Terra
How to Tame the Endless Infinities Hiding in the Heart of Particle Physics Terra Forming Terra
16:50
In the War on Bacteria, Its Time to Call in the Phages SoylentNews
Regulators have to figure out how to get them on the market:
Ella Balasa was 26 when she realized the routine medical treatments that sustained her were no longer working. The slender lab assistant had lived since childhood with the side effects of cystic fibrosis, an inherited disease that turns mucus in the lungs and other organs into a thick, sticky goo that gives pathogens a place to grow. To keep infections under control, she followed a regimen of swallowing and inhaling antibioticsbut by the beginning of 2019, an antibiotic-resistant bacterium lodged in her lungs was making her sicker than she had ever been.
Balasa's lung function was down to 18 percent. She was feverish and too feeble to lift her arms over her head. Even weeks of intravenous colistin, a brutal last-resort antibiotic, made no dent. With nothing to lose, she asked a lab at Yale University whether she could volunteer to receive the organisms they were researching: viruses that attack bacteria, known as bacteriophages.
[...] And it worked. The viruses penetrated the goo, attacked the bacteria, and killed a portion of them; the rest of the bacteria weakened enough that antibiotics could knock them out. Balasa's body cleared the life-threatening infection faster than ever before.
[...] There's an asterisk to her success: Phages are unapproved drugs, not just in the United States, but in the United Kingdom and Western Europe, too. No company makes them for commercial sale in those countries, and hospitals and pharmacies don't stock them. To administer them, physicians must seek a compassionate-use authorization from a government regulatorin Balasa's case, the US Food and Drug Administrationshowing their patients have no other options.
Read more of this story at SoylentNews.
16:47
Links 10/04/2023: Linux 6.3 RC 6 and LibreSSL 3.7.2 Released Techrights
Contents
- GNU/Linux
- Distributions and Operating Systems
- Free, Libre, and Open Source Software
- Leftovers
- Gemini* and Gopher
-
GNU/Linux
-
Linux M...
-
16:25
CISA Warns of 5 Actively Exploited Security Flaws: Urgent Action Required The Hacker News
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added five security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. This includes three high-severity flaws in the Veritas Backup Exec Agent software (CVE-2021-27876, CVE-2021-27877, and CVE-2021-27878) that could lead to the execution of privileged commands
15:00
Parallel Computing on the PicoCray RP2040 Cluster Hackaday
[ExtremeElectronics] cleverly demonstrates that if one Raspberry Pi Pico is good, then nine must be awesome. The PicoCray project connects multiple Raspberry Pi Pico microcontroller modules into a parallel architecture leveraging an I2C bus to communicate between nodes.
The same PicoCray code runs on all nodes, but a grounded pin on one of the Pico modules indicates that it is to operate as the controller node. All of the remaining nodes operate as processor nodes. Each processor node implements a random back-off technique to request an address from the controller on the shared bus. After waiting a random amount of time, a processor will check if the bus is being used. If the bus is in use, the processor will go back to waiting. If the bus is not in use, the processor can request an address from the controller.
Once a processor node has an address, it can be sent tasks from the controller node. In the example application, these tasks involve computing elements of the Mandelbrot Set. The particular elements to be computed in a given task are allocated by the controller node which then l...
14:52
When Does the Narrative Replace Reality? cryptogon.com
Via: Truthstream Media: Backup:
14:04
Australia Takes First Steps Towards Banning TikTok SoylentNews
Australia will ban tiktok on government devices despite claims by chinese officials that the application is safe to use.
Is any application on a mobile device really safe to use? What personal data do they collect? Where do they send it? Why don't mobile devices come with the firewall enabled?
Australia's top spy agency has added to growing concerns about a popular social media app, and its collection of users' personal data. State governments across the nation are issuing TikTok bans on official work devices as concerns about data safety increase worldwide.
The app's Australian general manager Lee Hunter recently told The Project that users should feel "safe" on TikTok, and claimed China had no way of accessing data despite the site's parent company operating out of China.
However, national intelligence organisation Australian Signals Directorate (ASD) recently released advice about the app, warning the general public not to use it on a device that can access other information.
"Do not use it on a phone that can access any official information, for example, any workplace communication (email clients, MS Teams)," the ASD warned in advice shared by the Tasmanian government.
Previously:
The
'Insanely Broad' RESTRICT Act Could Ban VPNs in the USA
Banning
TikTok
TikTok
Would be Banned From US "for Good" Under Bipartisan Bill
President
Trump Threatens TikTok Ban, Microsoft Considers Buying TikTok's
U.S. Operations[Updated 2]
Read more of this story at SoylentNews.
14:00
5G connections set to rise past 5.9 billion by 2027 Help Net Security
Global 5G wireless connections increased by 76% from the end of 2021 to the end of 2022, reaching up to 1.05 billion, and it will touch a mark of 5.9 billion by the end of 2027, according to Omdia and 5G Americas. 5G is growing remarkably and scaling faster than any other previous generation of mobile wireless. While deployments and connections are added at a significant pace, the promise of 5G will be realized by More
The post 5G connections set to rise past 5.9 billion by 2027 appeared first on Help Net Security.
13:30
Cybercriminals use simple trick to obtain personal data Help Net Security
People reveal more personal information when you ask them the same questions a second time according to new research from the University of East Anglia. A new study reveals how simple repetition can make people over-disclose, and potentially put themselves at risk of identity theft and cybercrime. The research team say that understanding why people disclose personal data could help inform measures to address the problem. People over-disclose personal data From subscribing to online More
The post Cybercriminals use simple trick to obtain personal data appeared first on Help Net Security.
13:00
MSPs urged to refine security solutions in response to growing SMB needs Help Net Security
MSPs are focusing on automation and integration between their core tools to improve efficiency, service delivery and cost management, according to Kaseya. Automation, cybersecurity and integration About 90% of respondents hailed automation as a crucial technology for their business because it improves efficiency, allows them to take on more clients and generates more revenue by automating common processes like endpoint management, monitoring, patching, ticket resolution and even cybersecurity. 64% of the executive and 54% of More
The post MSPs urged to refine security solutions in response to growing SMB needs appeared first on Help Net Security.
12:00
Holograms: The Future of Speedy Nanoscale 3D Printing? Hackaday
3D printing by painting with light beams on a vat of liquid plastic was once the stuff of science fiction, but now is very much science-fact. More than that, its consumer-level technology that were almost at the point of being blas about. Scientists and engineers the world over have been quietly beavering away in their labs on the new hotness, nanoscale 3D printing with varying success. Recently IEESpectrum reports some promising work using holographic imaging to generate nanoscale structures at record speed.
Current stereolithography printers make use of UV laser scanned over the bottom of a vat of UV-sensitive liquid...
11:23
More Patient Data Exposed Through Tracking Pixels SoylentNews
Alcohol Recovery Startups Monument and Tempest Shared Patients' Private Data With Advertisers
Alcohol recovery startups Monument and Tempest shared patients' private data with advertisers:
For years, online alcohol recovery startups Monument and Tempest were sharing the personal information and health data of their patients with advertisers without their consent.
Monument, which acquired Tempest in 2022, confirmed the extensive years-long leak of patients' information in a data breach notification filed with California's attorney general last week, blaming their use of third-party tracking systems developed by ad giants including Facebook, Google, Microsoft and Pinterest.
In its disclosure, the companies confirmed their use of website trackers, which are small snippets of code that share information about visitors to their websites with tech giants, and often used for analytics and advertising.
The data shared with advertisers includes patient names, dates of birth, email and postal addresses and phone numbers, and membership numbers associated with the companies and patients' insurance provider. The data also included the person's photo, unique digital ID, what services or plan the patient is using, appointment information, and assessment and survey responses submitted by the patient, which includes detailed responses about a person's alcohol consumption and used to determine their course of treatment.
Monument's own website says these survey answers are "protected" and "used only" by its care team.
Read more of this story at SoylentNews.
10:26
Kernel prepatch 6.3-rc6 LWN.net
The 6.3-rc6 kernel prepatch is out for testing.
But before the festivities can begin, we still need to take care of business: Sunday still means another release candidate. Those rascally (and biologically confused) egg-laying rabbits must not distract us from kernel development.
10:20
DistroWatch Weekly, Issue 1014 DistroWatch.com: News
This week in DistroWatch Weekly: Review: carbonOS 2022.3, LibreELEC 11.0, Kodi 20.1News: Linux Mint polishes its themes and icons, Fedora plans to offer encryption by default, elementary OS improves sideloading experienceQuestions and answers: Finding processes, WINE security, favourite distributionsReleased last week: ExTiX 23.4Torrent corner: KDE neonUpcoming releases: FreeBSD....
10:00
HPR3831: Introducing Bumble Bee. Hacker Public Radio
Article: The "7 days to die" website. Author: The Fun Pimps. (N/A). An open-world game that is a unique combination of first-person shooter, survival horror, tower defense, and role-playing games. Play the definitive zombie survival sandbox RPG that came first. Supporting Article: The Steam page for "7 days to die". Author: Steampowered.com. (N/A). Note: This Early Access game is not complete and may or may not change further. If you are not excited to play this game in its current state, then you should wait to see if the game progresses further in development. Article: Cricut Maker 3 product page. Author: Cricut shop. (N/A). Make more than you ever dreamed possible with Cricut Maker 3, the ultimate smart cutting machine. Article: Welcome to the official site of Minecraft. Author: Mojang. (N/A). A game about placing blocks and going on adventures. Article: What is "Port Forwarding"? Author: Wikipedia. (N/A). In computer networking, port forwarding or port mapping is an application of network address translation (NAT) that redirects a communication request from one address and port number combination to another while the packets are traversing a network gateway, such as a router or firewall. This technique is most commonly used to make services on a host residing on a protected or masqueraded (internal) network available to hosts on the opposite side of the gateway (external network), by remapping the destination IP address and port number of the communication to an internal host.
Code Review of Build System Specifications It Will Never Work in Theory
If you've ever had to maintain a 10,000-line Makefile, you'd know that getting programmers to take the problem of flexible, efficient, reproducible builds seriously is the hardest part of the job. If you want proof, try finding a breakpointing, single-stepping debugger for Make, Ant, or any other widely-used build tool.
But to paraphrase my brother, good engineers study carsgreat engineers also study the assembly lines that produce them, and this upcoming paper does exactly that. Based on analysis of over half a million changes from Eclipse and Qt, and a detailed qualitative analysis of 500 of those changes, they authors find that changes to build specs are less than half as likely to be discussed during code review as changes to application code, but that comments on those changes are more likely to point out defects than comments on code. They also find that developers' lack of understanding and interest in build systems is a major hindrance to better review.
Now if you'll excuse me, I have a deployment to roll back: apparently we bundled two incompatible versions of one of our dependencies
Build systems automate the integration of source code into executables. Maintaining build systems is known to be challenging. Lax build maintenance can lead to costly build breakages or unexpected software behaviour. Code review is a broadly adopted practice to improve software quality. Yet, little is known about how code review is applied to build specifications.
In this paper, we present the first empirical study of how code review is practiced in the context of build specifications. Through quantitative analysis of 502,931 change sets from the Qt and Eclipse communities, we observe that changes to build specifications are at least two times less likely to be discussed during code review when compared to production and test code changes. A qualitative analysis of 500 change sets reveals that (i) comments on changes to build specifications are more likely to point out defects than rates reported in the literature for production and test code, and (ii) issues related to evolvability of the code and dependency-related issues are the most frequently raised types of issues. Follow-up interviews with nine developers with 1-40 years of experience point out social and technical factors that hinder rigorous review of build specifications, such as a prevailing lack of understanding of and interest in build systems among developers, and the lack of dedicated tooling to support the review of build specifications.
Help Us Learn More About Automated Program Repair It Will Never Work in Theory
Researchers from George Mason University (Fairuz Nawer Meem and Dr. Brittany Johnson) are interested in hearing about your experiences in using automated program repair tools when carrying out software engineering tasks (e.g., writing code, finding and fixing bugs).
You can help by completing a ~20 min online survey to share your experiences. Upon completion, you will be given the opportunity to enter yourself in a raffle for one of four electronic gift cards worth $50 (e.g., Amazon gift card) via email as compensation for your time. If you are able, please complete this 20-minute recruitment survey to help us:
https://go.gmu.edu/ExperienceInAPR
If you have any questions about this study, please feel free to reach out via email to fmeem@gmu.edu. Thanks in advance for your help.
IRBNet number: 2006552-1
Code Review of Build System Specifications It Will Never Work in Theory
If you've ever had to maintain a 10,000-line Makefile, you'd know that getting programmers to take the problem of flexible, efficient, reproducible builds seriously is the hardest part of the job. If you want proof, try finding a breakpointing, single-stepping debugger for Make, Ant, or any other widely-used build tool.
But to paraphrase my brother, good engineers study carsgreat engineers also study the assembly lines that produce them, and this upcoming paper does exactly that. Based on analysis of over half a million changes from Eclipse and Qt, and a detailed qualitative analysis of 500 of those changes, they authors find that changes to build specs are less than half as likely to be discussed during code review as changes to application code, but that comments on those changes are more likely to point out defects than comments on code. They also find that developers' lack of understanding and interest in build systems is a major hindrance to better review.
Now if you'll excuse me, I have a deployment to roll back: apparently we bundled two incompatible versions of one of our dependencies
Mahtab Nejati, Mahmoud Alfadel, and Shane McIntosh. Code review of build system specifications: prevalence, purposes, patterns, and perceptions. In Proc. ICSE'23, 2023, https://rebels.cs.uwaterloo.ca/confpaper/2023/05/13/code-review-of-build-system-specifications-prevalence-purposes-patterns-and-perceptions.html.
Build systems automate the integration of source code into executables. Maintaining build systems is known to be challenging. Lax build maintenance can lead to costly build breakages or unexpected software behaviour. Code review is a broadly adopted practice to improve software quality. Yet, little is known about how code review is applied to build specifications.
In this paper, we present the first empirical study of how code review is practiced in the context of build specifications. Through quantitative analysis of 502,931 change sets from the Qt and Eclipse communities, we observe that changes to build specifications are at least two times less likely to be discussed during code review when compared to production and test code changes. A qualitative analysis of 500 change sets reveals that (i) comments on changes to build specifications are more likely to point out defects than rates reported in the literature for production and test code, and (ii) issues related to evolvability of the code and dependency-related issues are the most frequently raised types of issues. Follow-up interviews with nine developers with 1-40 years of experience point out social and technical factors that hinder rigor...
09:52
What is Cloud Mining and How Does it Work? HackRead | Latest Cybersecurity and Hacking News Site
By Owais Sultan
Cloud mining is a way for you to purchase mining power from a remote data centre. Cloud mining
This is a post from HackRead.com Read the original post: What is Cloud Mining and How Does it Work?
09:00
Hackaday Links: April 9, 2023 Hackaday
When it comes to cryptocurrency security, whats the best way to secure the private key? Obviously, the correct answer is to write it on a sticky note and put it on the bezel of your monitor; nobodyll ever think of looking there. But, if youre slightly more paranoid, and you have access to a Falcon 9, you might just choose to send it to the Moon. Thats what is supposed to happen in a few months time, as private firm Lunar Outposts MAPP, or Mobile Autonomous Prospecting Platform, heads to the Moon. The goal is to etch the private key of a wallet, cheekily named Nakamoto_1, on the rover and fund it with 62 Bitcoins, worth about $1.5 million now. The wallet will be funded by an NFT sale of space-themed electronic art, because apparently the project didnt have enough Web3.0 buzzwords yet. So whoever visits the lunar rover first gets to claim the contents of the wallet, whatever they happen to be worth at the time. Of course, it doesnt have to be a human who visits.
Speaking of crypto, it looks like anyone who owns a Macintosh has a copy of the original Bitcoin whitepaper. Mac user Andy Baio claims to have made the well-timed disco...
08:57
Cybercriminals Exploit CAN Injection Hack to Steal Cars HackRead | Latest Cybersecurity and Hacking News Site
By Waqas
If it is connected, it is vulnerable; in this case, a Toyota RAV4 model was stolen within two minutes.
This is a post from HackRead.com Read the original post: Cybercriminals Exploit CAN Injection Hack to Steal Cars
06:34
Researchers disclose critical sandbox escape bug in vm2 sandbox library Security Affairs
The development team behind the vm2 JavaScript sandbox library addressed a critical Remote Code Execution vulnerability.
The developers behind the vm2 JavaScript sandbox module have addressed a critical vulnerability, tracked as CVE-2023-29017 (CVSS score 9.8), that could be exploited to execute arbitrary shellcode.
vm2 is a sandbox that can run untrusted code in an isolated context on Node.js servers, it has approximately four million weekly downloads and its library is part of 722 packages.
The flaw was reported by the security researcher Seongil Wi from South Korean security firm KAIST WSP Lab.
The vulnerability affects all versions, including and prior to 3.9.14, it was addressed with the release of vm2 was not properly handling host objects passed to Error.prepareStackTrace in case of unhandled async errors. reads the advisory published by vm2. A threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox.
Wi also published two proof-of-concept (PoC) exploits for this vulnerability that can be used to escape the sandbox to create an empty file named flag on the host.
In October 2022, VM2 maintainers addressed another critical sandbox escape vulnerability tracked as CVE-2022-36067.
Please vote for Security Affairs (https://securityaffairs.com/) as
the best European Cybersecurity Blogger Awards 2022 VOTE FOR YOUR
WINNERS
Vote for me in the sections:
- The Teacher Most Educational Blog
- The Entertainer Most Entertaining Blog
- The Tech Whizz Best Technical Blog
- Best Social Media Account to Follow (@securityaffairs)
Please nominate Security Affairs as your favorite blog.
Nominate here: https://docs.google.com/forms/d/e/1FAIpQLSfaFMkrMlrLhOBsRPKdv56Y4HgC88Bcji4V7OCxCm_OmyPoLw/viewform
Follow me on Twitter: ...
06:33
Thieves Can Steal Modern Cars by Tapping Into a Headlight Wire SoylentNews
As car security has advanced, the world of auto theft has quickly melded with the world of hacking. The advent of high-tech car keys means that hotwiring is out and methods like relay attacks are the new way to gain unauthorized access to a vehicle. Now, however, it seems that attackers have found a new way to entirely bypass the electronic security on modern cars: A method called CAN injection.
[...] The attack relies on a vehicle's CAN bus, the internal computer network that keeps everything running. If you've ever wondered how your car's engine, body control module, and all the little controllers scattered around the car all communicate, CAN bus is the answer. The system is universal in modern cars, and even aftermarket ECU manufacturers now build CAN integration into their products.
The attack method Tindell lays out relies on physical access to the car's CAN bus, meaning an attacker needs to get to the data wires that run through your car. By tapping into these wires, a thief can inject malicious commands into the network allowing the thief to wake up the car's computer controllers, falsify the presence of the car key, and drive off. [...]
[...] This attack isn't the easiest to pull off, given that it requires a thief to partially disassemble the target car, but it's powerful when done correctly entirely bypassing the car's key, unlike relay attacks that simply extend the key's radio range. Tindell lists multiple solutions that automakers can implement, most notably the "zero trust" approach wherein every device, even within a car's internal CAN bus, needs to verify itself during any communication.
Read more of this story at SoylentNews.
05:55
How to Create a Mobile Application for Android OS Step by Step? HackRead | Latest Cybersecurity and Hacking News Site
By Owais Sultan
Android OS is available on 3.3 billion devices in 190 countries across the globe, making Android app development
This is a post from HackRead.com Read the original post: How to Create a Mobile Application for Android OS Step by Step?
05:08
Linux 6.3-rc6 Released For Easter Phoronix
Linus Torvalds just released Linux 6.3-rc6 for this Easter Sunday as we work towards the official Linux 6.3 debut in the next few weeks...
05:06
Robert F. Kennedy, Jr. Will Run for President cryptogon.com
He has worked tirelessly to expose pharmaceutical industry vaccine terrorism. He is against central bank digital currencies. He acknowledges that the CIA assassinated his uncle, JFK. Via: The Defender: Robert F. Kennedy, Jr., founder of Childrens Health Defense (CHD), on Wednesday moved one step closer to seeking the Democratic nomination for U.S. president by filing []
04:35
Security Affairs newsletter Round 414 by Pierluigi Paganini International edition Security Affairs
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box.
04:29
Switzerland Stops Covid Vaccinations cryptogon.com
Via: Dr. Robert Malone: The Government of Switzerland coming out with this position is a clear recognition that objective scientific analysis of the risk/benefit ratio of COVID-19 vaccines does not justify vaccination in any cohort. Note that the Swiss position is that physicians can prescribe, but will need to carry the risk of liability in []
Sunday, 09 April
22:02
Search Outcomes For: 888 Casino Opentop883 Com$limitadong Regalo!mag-register Para Makakuha Ng P50 Could 50% Cashback Sayong Unang Deposit!$ N h+ Media
Search Outcomes For: 888 Casino Opentop883 Com$limitadong Regalo!mag-register Para Makakuha Ng P50 Could 50% Cashback Sayong Unang Deposit!$ N
We reply all these factors under as we tell you how and why 888 on line casino is a secure, truthful, and authorized playing service for all Kiwis on the market. Below is a desk of providers that you could decide and choose from that will allow you to to safe your transactions to and from the casino. Well, the 888 Casino members have spoken, and from what they play most, 888 are able to compile a listing of the highest games performed. Youre about to experience one thing that no different Kiwi casino online can provide.
As such it must be safe to imagine that 888 offer you consistently aggressive sports activities betting odds. But well have to be certain of this, so we determined to carry out a quick odds comparison check. In terms of sports bets, youll find that sports like soccer, tennis and basketball are most likely to get the best amount of coverage in terms of betting markets. Live Casino Evolution Gaming is the provider of the reside casino and which means the very best sellers, games, and stay environments available anywhere.
1080facts is the compare platform of all casinos on-line with New Zealand on line casino license and gather the newest about casinos and online video games on our many pages, leaderboards and in reviews. All bonuses and promotions featured on this webstie are topic to the respective casinos terms and circumstances though we update All information continuously, bonuses are topic to change. We advocate that you simply go to the website of the operator of your interest and read the applicable terms and circumstances and make sure the data supplied on our portal. Now that you know the way on line casino games work somewhat higher, we introduce you to a number of the hottest game providers. We evaluation all bonuses provided by the casino and claim them so as to verify the authenticity of the information. To finalize the bonus analysis, we confirm the wagering requirements and the contribution of every game to them.
Multiple currencies are accepted at the casino to facilitate easy payments by gamers regardless of their country of origin. In addition, entry our part of casino bonuses and provides to know what are the benefits that may increase your probabilities of successful. Make sure that the slot with progressive jackpot isnt very well known. This way, you might be assured that youre one of the few players who spends their time enjoying this jackpot.
And although nothing is certain in the casino and online gambling always includes a component of unpredictability, youll be able to usually assume this as an online gambler. Since opening at the beginning of October 2021, 888 Casino has carried out lots of work and the range of casino games may be very spectacular. In addit...
22:00
Search Results For: 888 On Line Casino Opentop171 Com$limitadong Regalo!mag-register Para Makakuha Ng P50 Might 50% Cashback Sayong Unang Deposit!$ L h+ Media
Search Results For: 888 On Line Casino Opentop171 Com$limitadong Regalo!mag-register Para Makakuha Ng P50 Might 50% Cashback Sayong Unang Deposit!$ L
Another thrilling welcome offer is the 88 free spins with none deposit. 888casino needs gamers to kickstart their playing voyage with a win. Other thrilling bonuses are the FAB free spins, Fantastic FreePlay, and so forth. The 88 Free spins are valid for scratch video games, and there are limitations on what you possibly can win, similar to the NetEnt free spins. OnlineCasinoReports is a number one unbiased online playing sites reviews provider, delivering trusted online casino evaluations, news, guides and playing info since 1997. All new and present gamers can get pleasure from instant-play video games from an HTML5 web browser, including Google Chrome on Windows or Apple Safari on Mac OS.
- For gamers who like to interact with a real or human vendor, there are live casino games.
- Once youve substantial factors, you can convert them into money in your bank account.
- Apple Pay can then be chosen among the many fee methods in a casino.
- With a background as a on line casino dealer, Roland can present s readers unique insight into video games such as blackjack, roulette and poker.
- The huge benefit of on-line casinos with a NZ license is that theyll supply iDEAL as a fee methodology.
- It was based in 1997 and rapidly established itself because the dominant main player within the global online gaming enterprise.
The web site has a number of support options, including email, phone, fax, and an internet contact form. The FAQ section can also be useful, and gamers can find answers to some frequent questions. Players can use any of the options supplied, with professionalism at all times a assure. A new participant is eligible for a welcome bonus that consists of a 100 percent match of the primary deposit of up to $100, though a minimum deposit of $20 can suffice. The bonus is available daily each time a participant makes a deposit.
888 Casino has over 2000 top-tier video games for gamblers to pick from. In addition, the casino brand has an in-house game developer creating distinctive games peculiar to the net on line casino. Players can make selections from the choice of slots, multi-line slots, basic slots, and progressive mega jackpot slots. Although the casino is not slot-based, its slot games collection is unimaginable and huge in terms of numbers.
We recommend you to set these limits as soon as you arrange your account so as to effectively control your spendings, periods, and deposits from the very first session. 888 Casino is devoted to each slots and reside on line casino, nevertheless its straightforward to make your approach to the place you want to be. Here you possibly can view top tables, refine video games by category after which enter the foyer to pick...
22:00
888 Poker Nz Review 2023 Free $888 Bonus At 888poker h+ Media
888 Poker Nz Review 2023 Free $888 Bonus At 888poker
You can guess scores, scorers, half-time results, outcomes after 10 minutes or seventy five minutes. The world of sports betting itself is greater than one other form of gambling there is. It has taken over general casino gaming by an amount so massive, that we frankly cannot be bothered to do the maths, its just reality now. Keno is not obtainable at an entire lot of on-line casinos just yet, but 888s got you covered.
This platform hosts Casino games, Live Casino games, Sports betting, Poker tournaments, and Bingo. Take your expertise of casino membership to the very best ranges with this lavish loyalty programme. This permits gamers to expertise the same performance and capabilities from any piece of hardware system. The vibrant ambiance created at Christchurch Casino means we are a hotbed for one of the best poker gamers in the nation. Our VIP gaming membership Club Aspinall is a sanctuary for members and their friends on our top-level ground. Gamblers would have to be physically positioned within New Jerseys boundaries in order to play.
While this online on line casino platform is known for its longevity and games that have stood the take a look at of time, its excellent bonus and promotions are one other main perk that makes it stand out. 888 Casino NZ offers players commendable bonuses that help them improve their chances of winning with out having to spend more than they should. These bonuses embrace match money, free spins, and amazing offers that payers can get without restriction. 888 Casino is certainly one of the most respected casinos that gamers can visit to take pleasure in a good gaming atmosphere.
A good variety of deposit platforms may also support withdrawals. You can filter the games by provider and variety of lines, or clear the filters to get the entire slot selection. 888 Casino is offering a huge number of these based mostly on the various software program providers they use to energy their website. There are also reside sport reveals which really add to the digital reality casino gameplay. So, there are additionally some other slot providers which may not be as popular as the listed however are still worth mentioning.
We can say that Bspin is genuinely a fantastic on-line casino that caters to the wants of all kinds of gamblers, on-line casinos that offer no deposit bonuses. If you are taking part in from New Zealand, you might be able to use PayPal for deposits and withdrawals and can even be encouraged to take action, making the money transfers quick and straightforward. In basic, 888 Casino will offer you a enjoyable and exciting atmosphere, https://bahis-siteleri.icu/future-fortune-slot-machine/ with numerous promotions and presents that can keep issues lively and offer you the leisure youre paying for. Freespinsn...
21:58
888starz Evaluation Guess On Sports Activities And Enjoy Nz$1,500 And 150 Free Spins h+ Media
888starz Evaluation Guess On Sports Activities And Enjoy Nz$1,500 And 150 Free Spins
1080facts is the evaluate platform of all casinos online with New Zealand casino license and collect the newest about casinos and on-line games on our many pages, leaderboards and in evaluations. All bonuses and promotions featured on this webstie are subject to the respective on line casinos terms and conditions though we update All info continuously, bonuses are subject to alter. We advocate that you just go to the net site of the operator of your interest and read the applicable phrases and conditions and make sure the information offered on our portal. Now that you perceive how on line casino games work a little higher, we introduce you to a few of the hottest game suppliers. We review all bonuses offered by the casino and claim them to have the ability to verify the authenticity of the data. To finalize the bonus analysis, we confirm the wagering requirements and the contribution of each game to them.
The bulk of pokies comes from their in-house division, reviewed above, Net Entertainment and WMS. There are also just a handful of pokies from other providers, like Cryptologic, Barcrest, NextGen and Playtech. Every on line casino participant wants to have the chance to collect actual money prizes at a prime casino. So, you want to know whether or not 888 on line casino gives you this chance, and in that case, what are the odds of winning such prizes. Overall, 888 seems to supply its users diversity in their selection of betting markets, as the bookmaker seemingly has something you would want to place your bets on. Furthermore, the stay betting function on the location is properly run and entices punters to indulge in the more exact elements of sports betting.
If youre a participant who likes to play on mobile, then there are several roulette video games for you. Here you could have extraordinary video games which might be powered by the best developers within the business. You have the largest jackpots to potentially win, and plenty of gaming platforms to discover that we didnt even get into during this evaluation. There is no doubt whatsoever once we say theyre probably the greatest casino operators in the world.
In phrases of cost strategies, Riverbelle Casino is old-fashioned as a outcome of it isnt yet possible to play with cryptocurrencies, but solely with fiat currencies. Deposits are possible from 15$ free of cost, withdrawals are also free of cost and quick, though an identification examine is performed before your first withdrawal. This is widespread in on-line casinos and takes a number of hours, all additional withdrawals are then a lot quicker. Variety is supplied by the daily calendar promotions that you can take advantage of as quickly as you register. Just do not forget to benefit from the welcome bonus to get began with double credit.
When you first deposit on your acc...